
edugain-discuss - Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Nicole Harris <harris AT terena.org>
  • To: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs
  • Date: Fri, 28 Nov 2014 12:39:20 +0000
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>


>
> I suspect(/hope) the UK federation that publishes protectnetwork has
> some reasoning for allowing them in (I must say I was surprised as
> well)
For a long time it was used as the only IdP of last resort in the UK
federation. Indeed when things got started it was the only way I could
access anything :-) I suspect it is used less now that ProtectNetwork
has an expensive charging model in place. You will also see it used in
InCommon...not sure about elsewhere.

> and this does make me wonder what policy the UK federation in
> general has in regard to validating that a person in an IdP is really
> who he claims he is,
I don't recall federation policy making any claims that it does. Having
spent a long time looking at federation policy I can't think of many that
make any claim such as this, they merely say that an IdP should have an
Identity Management Practice Statement plus other similar
requirements. The UK is one of the few that actually points out this
explicitly might not be the case with its section 6 in the policy
documentation on user accountability. We didn't analyse the Surfnet
policy though so it might be different for yours :-)

I assume ProtectNetwork have some sort of email validation approach in
place though. All the rest would be user-asserted.

Obviously things like the section 6 tag don't translate well out of the
national context and as we move into interfederation, which is an issue.

> but that is out of scope for why protectnetwork
> is in edugain at all..
Sure, it is entirely reasonable for other federations to say that they
don't think ProtectNetwork is in the spirit of edugain and perhaps it
shouldn't be in the aggregate for x reasons. I can see why federations
might be nervous about this IdP in particular. Similarly some
federations might have concerns about seeing a Springer IdP without
knowing the context.

I do think that the best way to deal with it is to raise this via the
edugain TSG and with edugain-OT (similar to the "hey SWAMID why does
this service have this tag" conversation). I don't think introducing new
restrictive rules is the way forward.
