An open discussion list for topics related to the eduGAIN interfederation service.

[David Simonsen <david AT wayf.dk>]

Hello Olivier, all.

WAYF will soon implement opt-in for all inter-fed-SPs.

This means that we (the federation operator) will review all SPs in eduGAIN, 
Kalmar2 and other inter-fed metadata to check if we agree on the requested 
attributes and decide on the ARP.

Also we will be able to add purpose decriptions etc.

A tool is under construction and will hopefully be released by the end of the 
year.

Best regards
David & Co 




On 03 Oct 2014, at 11:17, Olivier Salaün <olivier.salaun AT renater.fr> wrote:

> Hello,
> 
> Since July 2014 the French federation has adopted an opt-out for French 
> IdPs to join eduGAIN. This implies that we include all eduGAIN SPs to our 
> renater-metadata.xml metadata file. We recently had internal discussions at 
> RENATER regarding eduGAIN SPs filtering. 
> 
> Within our national federation we have a workflow for so-called partner 
> organizations registration. Partner organizations are non E/R organizations 
> running federated services for E/R users. The decision to accept a partner 
> organization within our federation depends on the kind of service they 
> propose to the E/R community; it should be somehow related to the activity 
> of users within their E/R institution (access to documentation, software, 
> outsourced internal services). For example we rejected 
> https://www.myunidays.com/ request to join our federation. On the other 
> hand MET <https://met.refeds.org/met/met/search_service/?entityid=uniday> 
> tells me this SP has successfully joined other federations (Turkey, New 
> Zeland, US, Ireland, DFN, UK, Australia). I am aware that each federation 
> have its own policy/workflow regarding partner SPs acceptance.
> 
> In the current situation we might get https://www.myunidays.com/ SP  
> included in our federation metadata through eduGAIN and that's something we 
> don't want. Therefore we consider setting up eduGAIN SPs filtering. 
> 
> It seems that nothing in eduGAIN constitution forbids SAML entities 
> filtering, as mentionned in chapter 3.3 of 
> <http://www.geant.net/service/eduGAIN/resources/Documents/GN3-10-326%20eduGAIN_constitution%20v2.0.pdf>
> An individual Participant Federation or Home Organisation MAY decide not to 
> communicate with a Service Provider exchanged through eduGAIN. An 
> individual Participant Federation or Service Provider MAY decide not to 
> communicate with an Identity Provider exchanged through eduGAIN.
> I'm curious to know if other federations are doing/considering filtering 
> eduGAIN metadata too? If so what sort of filtering policies do you have?
> 
> Thanks.
> 
> -- 
> 
> <hiffajii.png>
>  
> Olivier Salaün
> Etudes et projets applicatifs 
>  
> Tél : +33 2 23 23 71 27
> Fax : +33 2 23 23 71 21
> www.renater.fr
> RENATER
> 263 Avenue du Gal Leclerc
> 35042 Rennes Cedex
>

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail