An open discussion list for topics related to the eduGAIN interfederation service.

[Pål Axelsson <Pal.Axelsson AT uadm.uu.se>]

Hi

 

I’m not able to attend the meeting next week o I will express my thoughts here.

 

eduGAIN can never be only research if we don’t have another interfederation for students and one for educational support staff and so on.

 

With that said I understand the problem and we to address some way or another and as Leif says we need to slice the elephant. IdP entity categories is a good way to categorize what type of users that IdP has but we may also need a different slicing with marking of individual users.

 

Pål Axelsson

 

 

Från: Nicole Harris [mailto:harris AT terena.org]
Skickat: den 28 november 2014 18:45
Till: Josh Howlett
Kopia: edugain-discuss AT geant.net
Ämne: Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs

 

Hi Josh

 

I don't think anyone said these issues weren't important, just that they weren't solvable through the route being used. I think it is fair to be able to express disagreement on a mailing list, isn't that what they exist for?

 

What I'm hearing here is a proposal for a refeds entity category supported by further work on scopes within eduperson, possibly SCHAC, but some concern that still might not meet the use case. 

 

I'd then also suggest that we work with CLARIN via the enabling users folk and see if we can tease out the exact customer definition further. I know Lukas is already talking to Dieter, perhaps a VC with Jozef as well? This was bring the two ends together.

 

I think that's a pretty positive outcome of a community debate, is it not? 

 

It is however debatable if edugain exists primarily to serve research communities and not say student or general academic services, as the later would currently seem to characterize the services available. That's an interesting debate for the edugain TSG as it might mean making decisions that makes edugain unusable for the student / publisher community. 

We can pick the proposals up at the refeds and edugain meetings this week. 

 

Cheers

 

Nicole 

On 28 Nov 2014, at 16:53, Josh Howlett <Josh.Howlett AT jisc.ac.uk> wrote:

Hi Jozef,

 

You raise a number of valid points. There is a vocal minority here who disagree with you, but I think the silent majority would agree with your characterisation of these issues and the need to address them, so that eduGAIN is better able to serve the research communities that it is primarily funded to support.

 

On the particular point of the Protect Network IdP; these kinds of open registration IdPs are clearly an anomaly. Even if its membership of the UK federation is consistent with UK and eduGAIN policy, it could be that we need to revisit these policies. I will discuss this internally.

 

Thanks for your input.

 

Josh.

 

<image001.jpg>

Josh Howlett
Head, Trust & Identity

T +44 (0)1235 822 363
M +44 (0)7810 835 075
Skype josh_howlett
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk

 

 

From: Jozef Misutka [mailto:misutka AT ufal.mff.cuni.cz]
Sent: 27 November 2014 08:35
To: edugain-discuss AT geant.net
Subject: [eduGAIN-discuss] eduGAIN and non "academic" IdPs

 

Dear all,

 

putting my Service Provider (SP) admin hat on I would like to hear your opinions on the matter described below and whether it is an issue for other SPs as well.

 

Let's start with reading http://services.geant.net/edugain/About_eduGAIN/Pages/Home.aspx which can give the impression that SPs and IdPs inside eduGAIN should have "academic" [1] background:

"""
eduGAIN is a service developed within the GÉANT Project - a major collaboration between European national research and education network (NREN) organisations and the European Union.
"""

Entities are pushed to eduGAIN by national federations (NFs). Although many NFs have "Education and Research", "Academic" or "Science" in their name they have their own policies in accepting members.

Simply put, because "eduGAIN" does not have any requirements on the published entities in this respect users from e.g., private companies! can authenticate to SP. 

And this can be a problem for our (or any other) academic SP.

 

We want to be available "for all academics of the world" and we thought eduGAIN could help us and simplify the process. But because a lot of IdPs do not release any or valid attributes we do not know if the authenticated user is "academic" or not at the moment. The only way is to (regularly) go through http://edugain.org/technical/status.php, read all the Metadata Registration Practice Statement (MPRS) and find out which IdPs can join the particular federation. In case a NF allows private companies we would have to manually approve academic IdPs from that federation.

 

Some NFs put categories to published IdPs; however, it is not feasible to know all the NFs in detail for every SP.

 

Thank you for your input.

 

[1] We do not have a precise definition of "academic" but we know that private companies are not academic.

 

 

Kind regards,

____________________________

Jozef Misutka
LINDAT/CLARIN CTO
http://lindat.cz

https://lindat.mff.cuni.cz/repository/xmlui/

 

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.

Attachment: smime.p7s
Description: S/MIME cryptographic signature