An open discussion list for topics related to the eduGAIN interfederation service.

[Andy Bennett <andyjpb AT knodium.com>]

Hi,

> With that said I understand the problem and we to address some way or
> another and as Leif says we need to slice the elephant. IdP entity
> categories is a good way to categorize what type of users that IdP has
> but we may also need a different slicing with marking of individual users.

I think we need to be careful where we put the "value". eduGAIN is
effectively a network and we should push the value out to the edges as
much as possible.

ECs start to concentrate some of the value inside the network itself.

Whilst there's a good case for some ECs in relation to the legal
commitments of the entities themselves (i.e. around data protection),
and this naturally makes implications about which data (attributes) are
suitable to release, we should be very careful how ECs proliferate.

Adding an EC for things which aren't directly related to the entities
themselves can put the details in the wrong place and this will only
increase the complexity of an already very complex system.


The IDPs discussed today (ProtectNetwork) come from UKAMF and are
consistent with the current UK policy.

I don't see a way that IDPs such as ProtectNetwork or even "outsourced"
IDPs that are run on behalf of both universities and schools could
possibly carry any of the ECs proposed today.

i.e. by asserting a certain scope, the IDP would become ineligible for
the EC, even if all the existing scopes require it. How many IDPs
outside of UKAMF have long lists of scopes that represent multiple
underlying educational establishments who are subcontracting to the IDP
provider?







Regards,
@ndy

-- 
andyjpb AT knodium.com
http://www.knodium.com/