edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
- From: Niels van Dijk <niels.vandijk AT surfnet.nl>
- To: <edugain-discuss AT lists.geant.org>
- Subject: Re: [eduGAIN-discuss] R&S and Proxy IdP/SP
- Date: Wed, 31 May 2017 12:59:26 +0200
Hi Jan,
As far as I am aware there is nothing in the spec that says that you
cannot. However, the owner/operator of that proxy *must* uphold R&S
regardless of what the services behind the proxy are doing. Typically one
would need to lay out the exact or at least similar rules as described
in R&S to any of the parties behind the proxy. Another thing which might
help is if the proxy is not 1 entity(id) for all of the services, but
exposes a specific entity for each connected service in metadata. In
that way the individual services behind the proxy could signal R&S
compliance. Bottom line I think is that your fellow fed ops trust you to
make a judgement call on if you feel you can indeed allow the proxy to
carry R&S on the metadata you publish.
Cheers,
Niels
On 31-05-17 11:15, Jan Oppolzer wrote:
> Hi,
>
> I have a question about R&S entity category. Is it possible that a Proxy
> IdP/SP in a federation is assigned R&S entity category?
>
> From my point of view, as a federation operator, I don't like the idea
> that we have a proxy entity assigned R&S and that the entity can "hide"
> more services. I'm not sure that this is allowed, anyway.
>
> Thank you,
> Jan
>
--
Niels van Dijk Technical Product Manager Trust & Security
Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
www.surfnet.nl www.openconext.org
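
Added example, not part of the original thread: a check a federation operator could run over metadata where a proxy publishes one entity per connected service, listing which SP entities actually signal R&S. The entityIDs and the trimmed sample aggregate are constructed, and the metadata is assumed to have been signature-verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD,
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
RS = "http://refeds.org/category/research-and-scholarship"

# Constructed sample (hypothetical entityIDs, descriptors trimmed): a proxy that
# publishes one SP entity per connected service; only the wiki signals R&S.
SAMPLE = f"""
<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://proxy.example.org/sp/wiki">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="{ENTITY_CATEGORY}">
        <saml:AttributeValue>{RS}</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://proxy.example.org/sp/shop">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def entity_categories(entity):
    """Entity-category values asserted in the entity's md:Extensions."""
    values = set()
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == ENTITY_CATEGORY:
            values.update((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
    return values

def rs_report(metadata_xml):
    """Map each SP entityID to whether it signals R&S; IdP-only entities are skipped."""
    report = {}
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        if entity.find("md:SPSSODescriptor", NS) is not None:
            report[entity.get("entityID")] = RS in entity_categories(entity)
    return report

if __name__ == "__main__":
    for entity_id, has_rs in rs_report(SAMPLE).items():
        print(f"{'R&S' if has_rs else 'no R&S':7} {entity_id}")
```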