An open discussion list for topics related to the eduGAIN interfederation service.

[Niels van Dijk <niels.vandijk AT surfnet.nl>]

Hi Jan,

As far as I am aware there is nothing in the spec that says that you
cannot. However, the owner/operator of that proxy *must* uphold R&S
regardless what the services behind the proxy are doing. Typically one
would need to lay out the exact or at least similar rules as described
in R&S to any of the parties behind the proxy. Another thing which might
help is if the proxy is not 1 entity(id) for all of the services, but
exposes a specific entity for each connected service in metadata. In
that way the individual services behind the proxy could signal R&S
compliance. Bottom line I think is that your fellow fed ops trust you to
make a judgement call on if you feel you can indeed allow the proxu to
carry R&S on the metadata you publish.

Cheers,

Niels

On 31-05-17 11:15, Jan Oppolzer wrote:
> Hi,
>
> I have a question about R&S entity category. Is it possible that a Proxy
> IdP/SP in a federation is assigned R&S entity category?
>
> From my point of view, as a federation operator, I don't like the idea
> that we have a proxy entity assigned R&S and that the entity can "hide"
> more services. I'm not sure that this is allowed, anyway.
>
> Thank you,
> Jan
>

-- 
Niels van Dijk        Technical Product Manager Trust & Security
Mob: +31 651347657  |   Skype: cdr-80  |  PGP Key ID: 0xDE7BB2F5
SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
www.surfnet.nl                                www.openconext.org

Attachment: signature.asc
Description: OpenPGP digital signature