An open discussion list for topics related to the eduGAIN interfederation service.

[Nicole Harris <harris AT terena.org>]

Hi Olivier

Thanks for bringing this up - interestingly we briefly talked about this
as an important topic on the REFEDS SC call yesterday.  Valter has also
been asked to briefly address some of these issues as important factors
for the future of interfederation at the TERENA GA meeting next week, so
input would be very timely!

I know Ian has spoken before about how he carries out certain filtering
for technical issues with entities for other federations but I don't
know if that is specifically written up anywhere. 

One of the things that occurs to me is that given the potential size of
the edugain metadata, scaling these sort of decisions on a per entity
basis is a significant overhead for federations and we may yet again be
having a conversation about the need for tagging :-) 

Cheers

Nicole

On 03/10/2014 10:17, Olivier Salaün wrote:
> Hello,
>
> Since July 2014 the French federation has adopted an opt-out for French 
> IdPs to 
> join eduGAIN. This implies that we include all eduGAIN SPs to our 
> renater-metadata.xml metadata file. We recently had internal discussions at 
> RENATER regarding eduGAIN SPs filtering.
>
> Within our national federation we have a workflow for so-called partner 
> organizations registration. Partner organizations are non E/R organizations 
> running federated services for E/R users. The decision to accept a partner 
> organization within our federation depends on the kind of service they 
> propose 
> to the E/R community; it should be somehow related to the activity of users 
> within their E/R institution (access to documentation, software, outsourced 
> internal services). For example we rejected https://www.myunidays.com/ 
> request 
> to join our federation. On the other hand MET 
> <https://met.refeds.org/met/met/search_service/?entityid=uniday> tells me 
> this 
> SP has successfully joined other federations (Turkey, New Zeland, US, 
> Ireland, 
> DFN, UK, Australia). I am aware that each federation have its own 
> policy/workflow regarding partner SPs acceptance.
>
> In the current situation we might get https://www.myunidays.com/ SP 
> included in 
> our federation metadata through eduGAIN and that's something we don't want. 
> Therefore we consider setting up eduGAIN SPs filtering.
>
> It seems that nothing in eduGAIN constitution forbids SAML entities 
> filtering, 
> as mentionned in chapter 3.3 of 
> <http://www.geant.net/service/eduGAIN/resources/Documents/GN3-10-326%20eduGAIN_constitution%20v2.0.pdf>
>
>     An individual Participant Federation or Home Organisation MAY decide 
> not to
>     communicate with a Service Provider exchanged through eduGAIN. An 
> individual
>     Participant Federation or Service Provider MAY decide not to communicate
>     with an Identity Provider exchanged through eduGAIN.
>
> I'm curious to know if other federations are doing/considering filtering 
> eduGAIN 
> metadata too? If so what sort of filtering policies do you have?
>
> Thanks.
>
> -- 
>
>
> *Olivier Salaün*
> Etudes et projets applicatifs
> Tél : +33 2 23 23 71 27
> Fax : +33 2 23 23 71 21
> www.renater.fr <http://www.renater.fr>
>       RENATER
> 263 Avenue du Gal Leclerc
> 35042 Rennes Cedex
>
>
>


-- 
----------------
Project Development Officer
TERENA
Singel 468 D
Amsterdam, 1017 AW
The Netherlands

T: +31(0)20 5304488
F: +31(0)20 5304499 

mob: +31(0)646 105395