
edugain-discuss - Re: [eduGAIN-discuss] issue on metadata flow

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: John Krienke <jcwk AT internet2.edu>
  • To: Ian Young <ian AT iay.org.uk>
  • Cc: "edugain-discuss AT geant.net" <edugain-discuss AT geant.net>, "idem-staff AT garr.it" <idem-staff AT garr.it>, "edugain-tsg AT geant.net" <edugain-tsg AT geant.net>, marco Malavolti <marco.malavolti AT garr.it>
  • Subject: Re: [eduGAIN-discuss] issue on metadata flow
  • Date: Mon, 7 Jul 2014 16:10:15 +0000
  • Accept-language: en-US
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>


On Jul 7, 2014, at 10:28 AM, Ian Young <ian AT iay.org.uk> wrote:

>> We will have all of our IdPs in eduGAIN by the end of this month and we
>> have changed the policy from opt-in to opt-out for IDPs.
>
> That is good news;

This is encouraging to hear. As we review our InCommon policies prior to
exporting IdPs from the US, we're considering opt-out as a preference as
well. It's likely that even if we do adopt an opt-out policy for IdPs,
we'll start with gradual pilots before exporting more liberally. We want to
be measured and considerate with our initial efforts.


>
>> It is different for SPs. If SPs desire to opt in to eduGAIN they must be
>> prepared to manage a different metadata set where a lot of IDPs are outside
>> their interest and it is up to them to discriminate which IDPs to keep and
>> which IDPs to discard. If the SP is still not able to manage metadata in
>> this way, Federation must assure that this SP doesn't consume metadata
>> that he doesn't know and doesn't ask for.
>
> I don't see that this is any different than the situation within a single
> large federation. With a large number of SPs and a large number of IdPs, it
> will always be the case that many IdPs are not relevant to any given SP.
> That doesn't mean that it is the federation's job to separate out the ones
> which are. The federation should of course provide the information which
> *enables* the SP to do the right thing, and I think we do.

As we near 2,000 SP entities in InCommon, I would echo the sentiment that our
federation will certainly provide advice (like the REFEDS discovery best
practices) and tools (such as our somewhat-coarse, all-IdP-inclusive central
discovery service); however, user experience is ultimately in the hands of
each individual SP administrator. Our federation-operator efforts will never
be able to scale to meet the user experience demands of every IdP-to-SP
collaboration. Our own best hope for discovery and usability lies in
promoting IdP discovery best practices, R&S and other attribute release
enablers, and also knowing that IdPs and SPs have some inherent internal
motivation to get this right for their user community/customers.


>
>> So please take away italian entities from the ukfederation metadata.
>
> ... it would mean that as far as UKf members were concerned your
> federation was no longer part of eduGAIN.

My sense is that publishing an entity in eduGAIN means that the home
federation is giving that entity the ability and permission to travel the
world freely with no restrictions. Conversely, the home federation knows that
any single federation might choose to disallow the entity at its own border.
I'll ask a potentially naive eduGAIN policy question: Can federation "A" ask
another federation not to publish metadata that Federation A has already
shared via eduGAIN? Micro-adjusted permissions and licensing terms will be
hard to scale in complex international interfederation. Thanks,

john.



