An open discussion list for topics related to the eduGAIN interfederation service.

[Olivier Salaün <olivier.salaun AT renater.fr>]

Le 01/12/2014 17:49, Tom Scavo a écrit :

Hi Olivier,

On Mon, Dec 1, 2014 at 11:17 AM, Olivier Salaün
<olivier.salaun AT renater.fr> wrote:

We have an opt-out policy regarding eduGAIN participation for French IdPs only.
SPs have to explicitely request their participation to eduGAIN (opt-in).

It made sense not to bring all SPs in eduGAIN because most SPs don't have international end users and also their eduGAIN-enabling requires a bit more effort than required by an IdP admin.

I don't disagree with that strategy (in fact, it makes a lot of sense)
but could you expand a bit on the effort required by SP owners? Seems
all one would have to do is filter on an entity attribute to keep
global IdPs hidden on the discovery interface. Am I missing something?

We provide separate metadata files:

• sps-renater-metadata.xml
• idps-renater-metadata.xml
• sps-edugain-metadata.xml
• idps-edugain-metadata.xml

Our IdP admins are asked to load sps-renater-metadata.xml and sps-edugain-metadata.xml, unless the decided to opt-out from eduGAIN.
Our standard SP admins are asked to load idps-renater-metadata.xml only.
Our SP admins wishing to eduGAIN-enable their service are asked to load idps-renater-metadata.xml and idps-edugain-metadata.xml

Other recommandations for eduGAIN-enabling a service are documented in French here: <https://services.renater.fr/federation/docs/fiches/sp_edugain_enabled>. It is greatly inspired from what SWITCH produced <https://www.switch.ch/aai/docs/interfederation/sp-deployment.html>.

I hope I provide the details you expected.

Regards.

--

Olivier Salaün Etudes et projets applicatifs
Tél : +33 2 23 23 71 27 Fax : +33 2 23 23 71 11 www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex