edugain-discuss - Re: [eduGAIN-discuss] opt-out federations promoting opt-out

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

Re: [eduGAIN-discuss] opt-out federations promoting opt-out

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] opt-out federations promoting opt-out
  • Date: Tue, 6 Jan 2015 15:14:46 +0100
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT univie.ac.at
  • List-archive: <http://mail.geant.net/pipermail/edugain-discuss/>
  • List-id: "An open discussion list for topics related to the eduGAIN interfederation service." <edugain-discuss.geant.net>
  • Organization: ACOnet

* Tom Scavo <trscavo AT internet2.edu> [2015-01-06 14:53]:
> On Fri, Jan 2, 2015 at 6:38 AM, Brook Schofield <schofield AT terena.org>
> wrote:
> > Maybe that is something else for federation operators to look at
> > when deciding to publish entities to an interfederation
> > environment.
>
> For IdPs, would it be sufficient to tag the IdP with the
> hide-from-discovery entity attribute?

Such entities (guaranteed to be unreachable by anyone outside the
entity owner's network) would fail everything from section 6 of my
https://eduid.at/policy/mdrps and while that's no reason for rejecting
the registration I'd make sure the entity owner knows what s/he's
doing.
(I might be tempted to use 5.1 as a reason to reject a registration,
if the reasoning for unreachable-by-definition does not convince me.)

Since we do not run a separate testing federation infrastructure it
may make sense for entity owners to register entities only reachable
internally with our federation, for testing purposes.

Note that even if they'd be using registered DNS names instead of
private class IP addresses there'd be no guarantee that the system
would be (or remain, after registration) accessible to the outside
world. The private class IP address case just makes that fact more
obvious.

In short this is probably a reprise of the "test entities in eduGAIN"
discussion.

I'd agree with TomS that for IDPs the least you could do is label them
with HideFromDisco /if/ you positively need to register them into your
own federation /and/ need to expose them to eduGAIN in the first
place.
-peter
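As an added example (not code from Peter, the list, or any federation's own tooling), a small metadata audit a registrar could run before pushing entities to an interfederation: it parses a SAML metadata aggregate, reports which IdPs carry the REFEDS hide-from-discovery entity category, and flags SSO endpoints whose Location is a literal private-range IP address. The aggregate below is constructed for this illustration; the namespace URIs and the entity-category attribute name and value are the standard ones.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
HIDE_FROM_DISCOVERY = "http://refeds.org/category/hide-from-discovery"

# Constructed sample aggregate (not real federation metadata): one IdP tagged
# hide-from-discovery, one untagged, both with an RFC 1918 SSO endpoint.
SAMPLE_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <md:EntityDescriptor entityID="https://idp-test.example.org/idp">
  <md:Extensions><mdattr:EntityAttributes>
   <saml:Attribute Name="http://macedir.org/entity-category">
    <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
   </saml:Attribute></mdattr:EntityAttributes></md:Extensions>
  <md:IDPSSODescriptor><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://10.0.0.5/idp/profile/SAML2/Redirect/SSO"/></md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-lab.example.org/idp">
  <md:IDPSSODescriptor><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://192.168.1.20/idp/profile/SAML2/POST/SSO"/></md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def is_private_location(location):
    """True when the endpoint host is a literal private/loopback/link-local IP (v4 or v6)."""
    host = urlparse(location).hostname or ""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name: reachability cannot be judged from metadata alone

def audit_idps(metadata_xml):
    """Return [(entityID, hidden_from_discovery, [private SSO Locations])] for each IdP."""
    findings = []
    for ed in ET.fromstring(metadata_xml).findall("md:EntityDescriptor", NS):
        idp = ed.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SPs are out of scope for the HideFromDisco question
        path = ("md:Extensions/mdattr:EntityAttributes/saml:Attribute"
                f"[@Name='{ENTITY_CATEGORY}']/saml:AttributeValue")
        categories = {(v.text or "").strip() for v in ed.findall(path, NS)}
        private = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)
                   if is_private_location(e.get("Location", ""))]
        findings.append((ed.get("entityID"), HIDE_FROM_DISCOVERY in categories, private))
    return findings
```

An IdP that shows up with private endpoints and `hidden == False` is the case the mail warns about: registered, exported, and unreachable for everyone outside the owner's network.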
