An open discussion list for topics related to the eduGAIN interfederation service.

[Olivier Salaün <olivier.salaun AT renater.fr>]

Hello,

Since July 2014 the French federation has adopted an opt-out for French IdPs to join eduGAIN. This implies that we include all eduGAIN SPs to our renater-metadata.xml metadata file. We recently had internal discussions at RENATER regarding eduGAIN SPs filtering.

Within our national federation we have a workflow for so-called partner organizations registration. Partner organizations are non E/R organizations running federated services for E/R users. The decision to accept a partner organization within our federation depends on the kind of service they propose to the E/R community; it should be somehow related to the activity of users within their E/R institution (access to documentation, software, outsourced internal services). For example we rejected https://www.myunidays.com/ request to join our federation. On the other hand MET <https://met.refeds.org/met/met/search_service/?entityid=uniday> tells me this SP has successfully joined other federations (Turkey, New Zeland, US, Ireland, DFN, UK, Australia). I am aware that each federation have its own policy/workflow regarding partner SPs acceptance.

In the current situation we might get https://www.myunidays.com/ SP  included in our federation metadata through eduGAIN and that's something we don't want. Therefore we consider setting up eduGAIN SPs filtering.

It seems that nothing in eduGAIN constitution forbids SAML entities filtering, as mentionned in chapter 3.3 of <http://www.geant.net/service/eduGAIN/resources/Documents/GN3-10-326%20eduGAIN_constitution%20v2.0.pdf>

An individual Participant Federation or Home Organisation MAY decide not to communicate with a Service Provider exchanged through eduGAIN. An individual Participant Federation or Service Provider MAY decide not to communicate with an Identity Provider exchanged through eduGAIN.

I'm curious to know if other federations are doing/considering filtering eduGAIN metadata too? If so what sort of filtering policies do you have?

Thanks.

--

Olivier Salaün Etudes et projets applicatifs
Tél : +33 2 23 23 71 27 Fax : +33 2 23 23 71 21 www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex