Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] R&S and Proxy IdP/SP

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] R&S and Proxy IdP/SP


Chronological Thread 
  • From: Wolfgang Pempe <pempe AT dfn.de>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] R&S and Proxy IdP/SP
  • Date: Wed, 31 May 2017 13:22:51 +0200

Hi,

some of the issues mentioned below are being addressed by the Snctfi framework, cf.
https://aarc-project.eu/wp-content/uploads/2017/05/AARC-Deliverable-DNA3.4-final.pdf

Cheers,
W.


Am 31.05.2017 um 12:59 schrieb Niels van Dijk:
Hi Jan,

As far as I am aware there is nothing in the spec that says that you
cannot. However, the owner/operator of that proxy *must* uphold R&S
regardless what the services behind the proxy are doing. Typically one
would need to lay out the exact or at least similar rules as described
in R&S to any of the parties behind the proxy. Another thing which might
help is if the proxy is not 1 entity(id) for all of the services, but
exposes a specific entity for each connected service in metadata. In
that way the individual services behind the proxy could signal R&S
compliance. Bottom line I think is that your fellow fed ops trust you to
make a judgement call on if you feel you can indeed allow the proxu to
carry R&S on the metadata you publish.

Cheers,

Niels

On 31-05-17 11:15, Jan Oppolzer wrote:
Hi,

I have a question about R&S entity category. Is it possible that a Proxy
IdP/SP in a federation is assigned R&S entity category?

From my point of view, as a federation operator, I don't like the idea
that we have a proxy entity assigned R&S and that the entity can "hide"
more services. I'm not sure that this is allowed, anyway.

Thank you,
Jan



--
---------------------------------------------------------------------
Wolfgang Pempe Phone : +49 30 884299-308
DFN-Verein Fax : +49 30 884299-370
Alexanderplatz 1 E-Mail : pempe AT dfn.de
D-10178 Berlin WWW : http://www.dfn.de
---------------------------------------------------------------------
--------------------- Deutsches Forschungsnetz ----------------------
--------- Germany's National Research and Education Network ---------
---------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.19.

Top of Page