Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] R&S and Proxy IdP/SP

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] R&S and Proxy IdP/SP


Chronological Thread 
  • From: Niels van Dijk <niels.vandijk AT surfnet.nl>
  • To: <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] R&S and Proxy IdP/SP
  • Date: Wed, 31 May 2017 12:59:26 +0200

Hi Jan,

As far as I am aware there is nothing in the spec that says that you
cannot. However, the owner/operator of that proxy *must* uphold R&S
regardless what the services behind the proxy are doing. Typically one
would need to lay out the exact or at least similar rules as described
in R&S to any of the parties behind the proxy. Another thing which might
help is if the proxy is not 1 entity(id) for all of the services, but
exposes a specific entity for each connected service in metadata. In
that way the individual services behind the proxy could signal R&S
compliance. Bottom line I think is that your fellow fed ops trust you to
make a judgement call on if you feel you can indeed allow the proxu to
carry R&S on the metadata you publish.

Cheers,

Niels

On 31-05-17 11:15, Jan Oppolzer wrote:
> Hi,
>
> I have a question about R&S entity category. Is it possible that a Proxy
> IdP/SP in a federation is assigned R&S entity category?
>
> From my point of view, as a federation operator, I don't like the idea
> that we have a proxy entity assigned R&S and that the entity can "hide"
> more services. I'm not sure that this is allowed, anyway.
>
> Thank you,
> Jan
>

--
Niels van Dijk Technical Product Manager Trust & Security
Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
www.surfnet.nl www.openconext.org


Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page