edugain-discuss - Re: [eduGAIN-discuss] Test/dev IdPs in eduGAIN metadata

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Tom Scavo <trscavo AT internet2.edu>
  • To: Olivier Salaün <olivier.salaun AT renater.fr>
  • Cc: "edugain-discuss AT geant.net" <edugain-discuss AT geant.net>
  • Subject: Re: [eduGAIN-discuss] Test/dev IdPs in eduGAIN metadata
  • Date: Thu, 16 Apr 2015 09:59:21 -0400
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT gmail.com
  • List-archive: <http://mail.geant.net/pipermail/edugain-discuss/>
  • List-id: "An open discussion list for topics related to the eduGAIN interfederation service." <edugain-discuss.geant.net>

On Thu, Apr 16, 2015 at 9:41 AM, Olivier Salaün
<olivier.salaun AT renater.fr> wrote:
>
> Maybe you missed the first part of my email.

No, I didn't miss it :-)

> I'm concerned about non production IdPs published in eduGAIN metadata.

Yes, I know, but that's not "hide-from-discovery," which is something
else altogether.

We could drill down on what you mean by "non production IdP" but this
probably isn't the mailing list for that. It's one of those proverbial
"rat holes," I'm afraid.

> As a matter of fact some of these IdPs are tagged as "hide-from-discovery".
> It makes me think that the registering federation identified that these are
> not production IdPs, but still published these SAML entities in their
> eduGAIN upstream file.

Just because some of the IdPs tagged as "hide-from-discovery" appear
to be "test IdPs" doesn't mean all of them are. At least in my
federation, the B2B use case I spoke of earlier is quite common. In
the end, I expect almost half of our IdPs to be tagged
"hide-from-discovery" but that doesn't mean they won't be exported to
eduGAIN.

> The B2B use case sounds like a legitimate one for "hide-from-discovery"
> tagging. I'm more puzzled when it comes to Test IdPs...

Yes, I understand what you're saying, but when you use phrases like
"non production IdP" and "test IdP," I think you're trying to express
a discomfort about something else altogether. I claim it doesn't have
anything to do with the "hide-from-discovery" category (which is the
only point I'm trying to make).

Tom

> On 16/04/2015 15:02, Tom Scavo wrote:
>
> On Thu, Apr 16, 2015 at 7:57 AM, Olivier Salaün
> <olivier.salaun AT renater.fr> wrote:
>
> Actually why do federations include such test IdPs in their eduGAIN upstream
> metadata?
>
> I don't think that's a valid conclusion. An IdP that is tagged
> "hide-from-discovery" is (or should be) exactly what the spec says it
> is, nothing more.
>
> Are there real use cases?
>
> For exporting a "hide-from-discovery" IdP to eduGAIN? Sure. Suppose an
> IdP registers with a federation to facilitate B2B (i.e., vendor)
> interactions only. That IdP is neither willing nor able to handle
> requests from arbitrary SPs, only those SPs for which it has a
> contract in place.
>
> Any chance these test IdPs would be removed from upstream eduGAIN metadata?
>
> I don't think this is an eduGAIN issue nor is this a
> "hide-from-discovery" issue. You seem to be talking about something
> else altogether.
>
>
> --
>
>
>
> Olivier Salaün
> Application studies and projects
>
> Tel: +33 2 23 23 71 27
> Fax: +33 2 23 23 71 11
> www.renater.fr
> RENATER
> 263 Avenue du Gal Leclerc
> 35042 Rennes Cedex
>
>
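
The distinction argued in this thread, as an added example that is not part of the original messages or of any federation's tooling: an IdP carrying the REFEDS hide-from-discovery entity category is dropped from the discovery list but stays in the set of IdPs whose metadata is loaded. The entityIDs and the sample aggregate are constructed, and the aggregate's signature is assumed to have been verified before parsing.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"
HIDE = "http://refeds.org/category/hide-from-discovery"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample aggregate: a campus IdP, a B2B-only IdP tagged hide-from-discovery, one SP.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://idp.campus.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.b2b-only.example/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="{CATEGORY_ATTR}">
        <saml:AttributeValue>{HIDE}</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def categories(entity):
    """Entity-category values declared in this entity's own Extensions."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == CATEGORY_ATTR:
            values.update((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values

def split_idps(xml_text):
    """Return (loaded, discoverable) IdP entityIDs; the tag only narrows the second list."""
    trusted, discoverable = [], []
    for ent in ET.fromstring(xml_text).iter(f"{{{NS['md']}}}EntityDescriptor"):
        if ent.find("md:IDPSSODescriptor", NS) is None:
            continue  # SPs and other roles are not IdP discovery candidates
        trusted.append(ent.get("entityID"))
        if HIDE not in categories(ent):
            discoverable.append(ent.get("entityID"))
    return trusted, discoverable

if __name__ == "__main__":
    print(split_idps(SAMPLE))
```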
