An open discussion list for topics related to the eduGAIN interfederation service.

[Martin Matthiesen <martin.matthiesen AT csc.fi>]

Hello,
----- Original Message -----
> From: "Leif Johansson" <leifj AT sunet.se>
> To: edugain-discuss AT geant.net
> Sent: Monday, 1 December, 2014 11:53:59
> Subject: Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs

> On 12/01/2014 10:17 AM, Martin Matthiesen wrote:
>> Hello all,

[...]

>> Protect Network is a special case, though. But I don't see the commercial 
>> aspect
>> here as the problem, rather the question on how users get accounts, which 
>> is a
>> bit unclear to me. If it is really "public sign up" and the level of 
>> assurance
>> is thus zero, I don't see why anyone would want to have it, with or 
>> without EC.
>> In Clarin we have a similar IdP for homeless users, but have not registered
>> that to eduGAIN for good reasons. I understand Protect Network is IdP
>> outsourcing, which makes a lot of sense.
>> 
> 
> Based on conversations with other research projects I'm not sure Clarin
> is representative in this view. For instance there is significant
> interest in unitedid (because it offers 2 factor authn) even though
> the proofing level is low.

Well, then Protect Network should not be a problem either?

>> Clarin does have a use case for resources that are automatically open to
>> academics, Clarin ACA (www.clarin.eu/content/license-categories). This 
>> category
>> is implemented in Fin-Clarin for a newspaper corpus (HS.fi,
>> https://korp.csc.fi/#lang=en). It requires the eduPersonAffiliation 
>> attribute
>> to be set to "faculty". I am not very familiar with eduGAIN legalese, but I
>> would assume that non-academic IdPs are not allowed to set eduPerson*?
> 
> I'm not sure what you mean by "allowed" but I'm not sure its as simple
> as that...

By allowed I mean: Can a commercial non-academic IdP set eduPerson* and be a 
legitimate memeber of eduGAIN?

[...]

> That is wrong. SWAMID and Feide do not require 'faculty' and furthermore
Here are the references:

https://portal.nordu.net/pages/viewpage.action?pageId=31197805 (Swamid)
https://www.feide.no/attribute/edupersonaffiliation 

> that notion (faculty) has no meaning in the Scandinavian academic
> tradition and is almost never defined.

Swamid indeed conflates faculty and staff. Feide does not. Maybe the Swamid 
document could be changed by first stating the Swamid usage that SPs can rely 
on and only after that the more general definition.

> Studies have shown (and experience bears this out) that only employee
> and student are universally deployed.

That is also my experience. The question is, should it stay that way. It 
might be enough and then it might be helpful to stress that in official 
documents.
This is yet another reason for me to concentrate on attributes and not make 
up a second front on entity categories.

Cheers,
Martin

> 
>       Cheers Leif