edugain-discuss - Re: [eduGAIN-discuss] Machine readable and 'trusted' interfederation metadata

  • From: Niels van Dijk <niels.vandijk AT surfnet.nl>
  • To: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] Machine readable and 'trusted' interfederation metadata
  • Date: Mon, 04 Aug 2014 16:52:22 +0200
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04-08-14 14:48, Peter Schober wrote:
> * Niels van Dijk <niels.vandijk AT surfnet.nl> [2014-08-04 14:30]:
>> I understand your point. For my use case that is however not
>> usable as I cannot bind people (and thus logins) to that. However
>> I think I can come up with a way of using the official email to
>> bootstrap this.
>
> Would you care to share more about this use-case, maybe? ;) -peter
>

Sure:
* For the SimpleValidationService I am investigating the possibilities
for onboarding SPs. As you may know SvS acts as a SAML SP towards
eduGAIN IdPs, and will allow all eduGAIN IdPs by default. On the
'other side' of SvS we are planning to implement (one or more) OpenID
Connect endpoint(s) to allow SPs to validate if someone is affiliated
with higher education. For more details see:
https://wiki.surfnet.nl/display/SvS/RFC%3A+Simple+Validation+Service
I am pondering in what way these OpenID Connect SPs can be managed.
Several possible methods for that exist, and I am investigating a
mechanism where a federation operator can register (or at least
bootstrap registration of) an OpenID Connect SP. That would however
require me to determine who is authoritative to register an SP on
behalf of a federation. For bootstrapping that, I would like a list of
federation contacts from an authoritative source, e.g. eduGAIN.

* SURFnet is developing a group authZ service that it will make
available for eduGAIN (end users). The service is expected to operate
in much the same way as the current national Teams application of
SURFconext. The service will allow any end user that can log in to the
service via eduGAIN to create a group and invite others.
(SAML) Service providers can then query the API interfaces of the
service to determine if a given user is a member of a group.
Again the service will allow all eduGAIN IdPs by default, and again
onboarding SPs is the issue. Here also I am investigating what would
be the best way to bootstrap registration of SPs. If I want federation
operators to be involved, I would need a list of federation contacts
from an authoritative source, e.g. eduGAIN.

Cheers,
Niels

