Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] [refeds] mari plan & next steps

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] [refeds] mari plan & next steps


Chronological Thread 
  • From: Lukas Hämmerle <lukas.haemmerle AT switch.ch>
  • To: edugain-discuss AT geant.net, refeds AT terena.org
  • Subject: Re: [eduGAIN-discuss] [refeds] mari plan & next steps
  • Date: Wed, 29 Oct 2014 17:00:29 +0100
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>
  • Organization: SWITCH

On 29.10.14 16:16, Andy Bennett wrote:
> Some federations insist on releasing all the requested attributes and
> if you request one they're not happy with then they release nothing.

I wonder how many federations are in this category... Any numbers?
Wouldn't it be easier to kindly ask them to change their behaviour
instead of investing a lot of time in
specification/implementation/deployment of a new meta attribute that is
only mitigating and not solving the problem really (see below)?


> Others insist on you enumerating everything you can use and then only
> sending you what they're happy to release.

Isn't that the most reasonable approach, combined with some logic on the
SP that throws an error message e.g. if neither displayName, commonName
or givenName+sn is available even though the name is crucial for the
operation of the service?



On 29.10.14 16:39, Leif Johansson wrote:
> the nordunet webinar service is a good example:
>
> https://md.nordu.net/metadata/%7Bsha1%7D8854e4c7125335a1a6b3ff9354f4f1b2ba8707af.html
>
> The list of requested attributes is the union of all
> requested attributes that is needed by uninett and wayf. Now what
> happens if uninett can send edupersonscopedaffiliation but not
> eduersonaffiliation wayf can send eduersonaffiliation but not
> edupersonscopedaffiliation
>
> My guess is that wayf and uninett decide to ignore required
> attributes they can't actually release - or this would never work.
>
> The mari proposal is trying to make that problem a little less
> egregious.

But there still will be a problem with mari, right. Namely, if the
webinar service requests a name and an identifier attribute and if an
organisation can only provide an identifier attribute. I have heard that
in some countries/federations, many IdPs can release hardly more than
affiliation and ePPN.


Best Regards
Lukas



--
SWITCH
Lukas Hämmerle, Central Solutions
GÉANT Project Task Leader "Enabling Users"
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle AT switch.ch, http://www.switch.ch





Archive powered by MHonArc 2.6.19.

Top of Page