edugain-discuss - Re: [eduGAIN-discuss] Some updates on technical.edugain.org

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] Some updates on technical.edugain.org
  • Date: Fri, 19 Feb 2016 11:04:39 +0100
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT univie.ac.at
  • Organization: ACOnet

* Sander Maijers <sander AT clarin.eu> [2016-02-19 10:12]:
> > While the CLARIN ERIC is a proper eduID.at federation member and can
> > register SPs with us, that doesn't mean I have to duplicate the work
> > other federation operators (from peer eduGAIN member federations) have
> > already performed, which checking, amending and labelling.
>
> Has someone demanded this of you? If not, why do you mention this?

How else would dozens of entities get into our aggregate? By us
registering them, redundantly, like many other federation
operators have done before? So I'm now reusing e.g. Wolfgang's work as
a federation operator and pulling the DFN-AAI (and Haka and FEIDE and
eduID.cz) registrations from eduGAIN. Because I re-sign and republish
entities registered by those (and others) anyway for normal
interfederation purposes. I.e., I trust them and their processes.

> > Pulling SAML Metadata automatically from CLARIN wasn't an option since
> > (1) they didn't sign their metadata (may have changed, don't know) and
>
> As I told you in person, and as is very easy to check, we do sign the
> respective SAML metadata batch since some time, not long after
> establishing contact with your federation.

I.e., "may have changed" above. Which only leaves a host of other
issues wrt your aggregate. We can discuss those should you succeed at
getting the eduGAIN constitution changed in order to allow entities
such as the CLARIN ERIC to become full eduGAIN member federations in
their own right. Then we could also discuss your aggregate more openly
in e.g. this forum, whereas today that's every federation operator's
private problem.

> > (2) there was no MDRPS, and I took issue with some of their practices,
> > esp wrt assigning R&S, w/o populating mdrpi:RegistrationInfo
> > accordingly.
>
> What do you mean with ‘accordingly’? You did not point this issue
> out based on this motivation. Good that I read this now then.

We wrote about this at length, but the gist (which many would find
self-evident, I would certainly hope) is that registrations and
actions -- such as assigning an entity category that requires review
(and possibly taking on risk!) by the registrar -- need to be
transparent and traceable. Metadata that does not make clear who makes
what claim about an entity cannot be relied on as a basis for
establishing trust in the information contained.

Of course the details of achieving this may not be fully specified
anywhere, maybe that needs some discussion.

Best regards,
-peter

Attachment: signature.asc
Description: Digital signature
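
Added example, not part of the original message and not any federation's own tooling: a check a metadata consumer could run over an aggregate to list entities that carry the R&S entity category while naming no registrar in mdrpi:RegistrationInfo, the traceability gap discussed above. The function names, the example.org entities and the registrar URL are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
R_AND_S = "http://refeds.org/category/research-and-scholarship"

# Entity-category block reused in the constructed sample below.
RS_ATTR = ('<mdattr:EntityAttributes><saml:Attribute Name="%s">'
           '<saml:AttributeValue>%s</saml:AttributeValue>'
           '</saml:Attribute></mdattr:EntityAttributes>' % (ENTITY_CATEGORY, R_AND_S))

# Constructed aggregate; all example.org names are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="{md}" xmlns:mdrpi="{mdrpi}"
    xmlns:mdattr="{mdattr}" xmlns:saml="{saml}">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://registrar.example.org"/>
      {rs}
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/shibboleth">
    <md:Extensions>{rs}</md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp3.example.org/shibboleth"/>
</md:EntitiesDescriptor>""".format(rs=RS_ATTR, **NS)

def categories(entity):
    """Collect the entity-category values asserted for one EntityDescriptor."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == ENTITY_CATEGORY:
            values.update((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values

def untraceable_rs_claims(xml_text):
    """entityIDs that carry R&S but name no registrar in mdrpi:RegistrationInfo."""
    root = ET.fromstring(xml_text)  # verify the aggregate's signature before this step
    flagged = []
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        info = entity.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        if R_AND_S in categories(entity) and (info is None or not info.get("registrationAuthority")):
            flagged.append(entity.get("entityID"))
    return flagged

if __name__ == "__main__":
    print(untraceable_rs_claims(SAMPLE))
```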