edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
Re: [eduGAIN-discuss] Entity category support attribute for Data Protection CoCo?
- From: Mikael Linden <mikael.linden AT csc.fi>
- To: <edugain-discuss AT geant.net>
- Subject: Re: [eduGAIN-discuss] Entity category support attribute for Data Protection CoCo?
- Date: Tue, 4 Nov 2014 09:05:53 +0200 (EET)
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
Dear eduGAIN-discuss,
Based on the discussion on this list in the summer, an “Entity category support” attribute is now introduced to the GEANT Data protection Code of Conduct. See my announcement to eduGAIN steering group below.
Cheers,
mikael

----
From: Mikael Linden [mailto:mikael.linden AT csc.fi]
Dear eduGAIN steering group,
Based on the discussion and drafts on the eduGAIN-discuss mailing list, version 1.1 of the following specifications is published:
- GEANT Data protection Code of Conduct: Entity category specification
- GEANT Data protection Code of Conduct: SAML 2.0 profile
The new specifications introduce an Entity Category Support attribute to flag the Identity Providers that release attributes to Service Providers committed to the Code of Conduct.
The intention is that now one can identify in the (eduGAIN) SAML2 metadata the IdPs that are willing to release attributes to SPs committed to the CoCo:
- SPs can use that information to construct their Discovery Service
- the community can monitor also the IdP-side adoption of the Code of Conduct
The legal document (GEANT Data protection Code of Conduct for Service Providers) has not been changed.
The Code of Conduct documents are available in the new REFEDS wiki: https://wiki.refeds.org/display/CODE/
Currently 33 eduGAIN SPs are committed to the CoCo: http://monitor.edugain.org/coco
Kind regards, Mikael Linden (The CoCo flywheel)
From: Mikael Linden [mailto:mikael.linden AT csc.fi]
Dear eduGAIN,
Thank you for your feedback on the EC support attribute for the CoCo.
Based on the feedback and discussion with related people I have prepared the attached updates (changes highlighted):
- Entity Category spec for the Code of Conduct
- SAML2 metadata spec for the Code of Conduct

Please provide any comments and feedback before the end of August. I will then ask Brook to bring the specs to the eduGAIN steering group.
Cheers, Mikael
From: Mikael Linden [mailto:mikael.linden AT csc.fi]
Dear eduGAIN,
Currently, the GÉANT Data protection Code of Conduct defines an entity category attribute just for SPs[1]. No entity category support attribute for IdPs is defined.
I would like to ask the community’s opinion if there is a need to complement the CoCo specification by defining also the EC support attribute for IdPs. The semantics would be “As an IdP, I’m willing to release attributes to the SPs committed to the GÉANT Data protection Code of Conduct”. The use case would obviously be assembling a proper IdP Discovery service on the SP side.
The reason for the hesitation so far has been a possible interference of the multiple EC support attributes of an IdP, but that issue has been discussed in the REFEDS list [2]. The conclusion was that if an IdP asserts support to multiple ECs, they are interpreted separately and independently. For instance, if an IdP has both the CoCo and R&S support attributes, it means “this IdP releases attributes to an SP that asserts R&S and, independent of that, to an SP that asserts CoCo”.
The CoCo support attribute would still leave an opportunity to the IdP to decide:
- what is the maximum list of attributes to release (although the cookbook gives an idea[3])
- if the IdP wants to make an exception for some SPs (I think we can’t avoid this anyway).
Looking forward to receiving your input!
Cheers, Mikael (the CoCo flywheel)
[2] https://www.terena.org/mail-archives/refeds/msg03847.html
[3] https://wiki.edugain.org/Recipe_for_a_Home_Organisation

--
Dr. Mikael Linden |
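As an added illustration (not part of the message or of the CoCo specifications), this is how an SP could pick the IdPs for its Discovery Service from metadata, treating each entity category support value separately and independently as described above. The attribute name and category URIs are the identifiers from the published entity category specifications, not from this message; the entityIDs and the sample aggregate are constructed, and the metadata is assumed to have been signature-verified before parsing.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EC_SUPPORT = "http://macedir.org/entity-category-support"
COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
RS = "http://refeds.org/category/research-and-scholarship"

def idp_entity(entity_id, categories):
    """Build one constructed IdP EntityDescriptor for the sample aggregate."""
    values = "".join(f"<saml:AttributeValue>{c}</saml:AttributeValue>" for c in categories)
    return f"""<md:EntityDescriptor entityID="{entity_id}">
      <md:Extensions><mdattr:EntityAttributes>
        <saml:Attribute Name="{EC_SUPPORT}">{values}</saml:Attribute>
      </mdattr:EntityAttributes></md:Extensions>
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>"""

# Constructed sample aggregate with hypothetical entityIDs.
SAMPLE = (
    "<md:EntitiesDescriptor "
    + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
    + idp_entity("https://idp.example.org/a", [COCO, RS])  # supports both
    + idp_entity("https://idp.example.org/b", [RS])        # R&S only
    + idp_entity("https://idp.example.org/c", [])          # asserts nothing
    + "</md:EntitiesDescriptor>"
)

def idps_supporting(metadata_xml, category):
    """Return entityIDs of IdPs asserting support for one entity category.

    Each support value is evaluated on its own: an IdP listing CoCo and R&S
    matches a CoCo query whether or not the SP also asserts R&S.
    """
    matches = []
    for entity in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        if entity.find("md:IDPSSODescriptor", NS) is None:
            continue  # only IdP roles matter for discovery
        path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
        supported = {
            (v.text or "").strip()
            for attr in entity.iterfind(path, NS) if attr.get("Name") == EC_SUPPORT
            for v in attr.iterfind("saml:AttributeValue", NS)
        }
        if category in supported:
            matches.append(entity.get("entityID"))
    return matches
```

The support attribute only signals willingness; as the message notes, an IdP may still limit the attribute list or make exceptions for individual SPs, so a listed IdP is not a guarantee of release.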