
edugain-discuss - Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Fredrik Åslund <fredrik.aslund AT umu.se>
  • To: Andy Bennett <andyjpb AT knodium.com>
  • Cc: "edugain-discuss AT geant.net" <edugain-discuss AT geant.net>
  • Subject: Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs
  • Date: Mon, 1 Dec 2014 11:11:45 +0100 (CET)
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On Fri, 28 Nov 2014, Andy Bennett wrote:

> Hi,
>
> > With that said I understand the problem and we to address some way or
> > another and as Leif says we need to slice the elephant. IdP entity
> > categories is a good way to categorize what type of users that IdP has
> > but we may also need a different slicing with marking of individual users.
>
> I think we need to be careful where we put the "value". eduGAIN is
> effectively a network and we should push the value out to the edges as
> much as possible.
>
> ECs start to concentrate some of the value inside the network itself.
>
> Whilst there's a good case for some ECs in relation to the legal
> commitments of the entities themselves (i.e. around data protection),
> and this naturally makes implications about which data (attributes) are
> suitable to release, we should be very careful how ECs proliferate.
>
> Adding an EC for things which aren't directly related to the entities
> themselves can put the details in the wrong place and this will only
> increase the complexity of an already very complex system.
>
>
> The IDPs discussed today (ProtectNetwork) come from UKAMF and are
> consistent with the current UK policy.
>
> I don't see a way that IDPs such as ProtectNetwork or even "outsourced"
> IDPs that are run on behalf of both universities and schools could
> possibly carry any of the ECs proposed today.
>
> i.e. by asserting a certain scope, the IDP would become ineligible for
> the EC, even if all the existing scopes require it. How many IDPs
> outside of UKAMF have long lists of scopes that represent multiple
> underlying educational establishments who are subcontracting to the IDP
> provider?
>
How about combining an IdP EC "contains-academic-users" with a new
affiliation "academic"? By policy we can require that IdP:s may only be
tagged with the "contains-academic-users" EC if they only release the
affiliation "academic@<scope>" if the user is an "academic".

/Fredrik

Fredrik Åslund
----------------------------------
System administrator
IT-stöd och systemutveckling (ITS)
Umeå universitet
901 87 Umeå
----------------------------------
Phone: +46 (0)90 786 65 43
Mobile: +46 (0)70 303 78 36
----------------------------------
fredrik.aslund AT umu.se
www.its.umu.se
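
An added example, not part of the original message or of any eduGAIN specification: how a service provider could enforce the combination proposed above, accepting "academic@<scope>" only when the IdP's metadata carries the entity category and declares that scope. The category URI is a hypothetical placeholder (the thread gives the category a name but no identifier), "academic" is the proposed affiliation value, and the metadata is constructed and assumed to be signature-verified already.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}
EC_ATTR = "http://macedir.org/entity-category"
# Hypothetical URI: the thread names the category but assigns it no identifier.
ACADEMIC_EC = "https://example.org/entity-category/contains-academic-users"

# Constructed metadata: one outsourced IdP serving a university and a school.
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="https://idp.example.org/idp"
  xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
  xmlns:saml="{NS['saml']}" xmlns:shibmd="{NS['shibmd']}">
 <md:Extensions><mdattr:EntityAttributes>
  <saml:Attribute Name="{EC_ATTR}">
   <saml:AttributeValue>{ACADEMIC_EC}</saml:AttributeValue>
  </saml:Attribute>
 </mdattr:EntityAttributes></md:Extensions>
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:Extensions>
   <shibmd:Scope regexp="false">uni.example.org</shibmd:Scope>
   <shibmd:Scope regexp="false">school.example.org</shibmd:Scope>
  </md:Extensions>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def load_idp(xml_text):
    """Return (entity categories, literal scopes) from verified IdP metadata."""
    root = ET.fromstring(xml_text)
    path = f".//mdattr:EntityAttributes/saml:Attribute[@Name='{EC_ATTR}']/saml:AttributeValue"
    cats = {v.text.strip() for v in root.findall(path, NS) if v.text}
    # Regexp scopes are skipped: only literal scopes are matched here.
    scopes = {s.text.strip().lower() for s in root.findall(".//shibmd:Scope", NS)
              if s.text and s.get("regexp", "false") != "true"}
    return cats, scopes

def is_academic(xml_text, scoped_affiliations):
    """True only if the IdP is tagged AND this user has academic@<declared scope>."""
    cats, scopes = load_idp(xml_text)
    if ACADEMIC_EC not in cats:
        return False  # untagged IdP: its "academic" values carry no policy backing
    for value in scoped_affiliations:
        affiliation, sep, scope = value.partition("@")
        if sep and affiliation == "academic" and scope.lower() in scopes:
            return True
    return False
```

The category on its own never marks a user as academic, so an IdP with mixed scopes can carry it while its school users are still rejected per user.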

