An open discussion list for topics related to the eduGAIN interfederation service.

[Lukas Haemmerle <lukas.haemmerle AT switch.ch>]

Dear colleagues

The year 2017 soon ends and in many countries it's time for making
Christmas gifts. Even if you are not in one of those countries, we have
a small but potentially very useful gift for all of you and/or your
eduGAIN SP operators:

    The eduTEAMS Discovery Service
    https://wiki.geant.org/display/ED/Discovery+Service


What is the eduTEAMS Discovery Service?
---------------------------------------
The eduTEAMS Discovery Service will help your services present the list
of institutions from eduGAIN in a convenient and consistent way. It asks
users to select the institution so they can authenticate at their home
institutions. For the service, the eduTEAMS Discovery Service is very
easy to integrate.

Technically speaking: The eduTEAMS Discovery Service is a state of the
art SAML2 IdP Discovery Service that is hosted by GÉANT and that is
especially suited for eduGAIN Service Providers.

Even though the eduTEAMS Discovery Service is part of the GÉANT eduTEAMS
service bundle [1] it is available to any eduGAIN Service Provider for free.


What are some of its cool features?
-----------------------------------
There are two features to mention in particular that differentiate the
eduTEAMS Discovery Service from other implementations:

1. Using the eduTEAMS Discovery filter generator [2] one can easily
customize the list of IdPs displayed by the Discovery Service. Just
click together the entity categories or IdPs that should or should not
be display.

You want to only show R&S and CoCo-compliant IdPs without the
Hide-From-Discovery flag? No problem. More useful examples can be found
here: https://wiki.geant.org/display/ED/Example+Filter+Rules

2. From an end user point of view, the eduTEAMS Discovery Service is
privacy preserving by design as the operator of the Discovery Service
never knows what IdP the user selected.


Why should I use it as eduGAIN SP operator?
-------------------------------------------
* You don't have to operate a Discovery Service yourself
  and can rely on a highly available hosted service
* Easy to integrate using an embedded Discovery Service
* Customize the list of IdPs to select from
* Privacy-preserving from a user's point of view
* Simple and intuitive end-user interface
* Will take into account recommendations and output from
  RA21 [3] in future versions
* Operated by GÉANT/CESNET for the eduGAIN community
* Multi lingual (If your language is not supported yet,
  only 7 strings (or 14 English words) need to be translated.
  We are happy to add more languages)


Can I see it in action?
-----------------------
Sure, to get an idea how it looks like, go here:
https://swit.ch/eduteams-ds-example

This shows the eduGAIN IdPs with R&S and without Hide-From-Disco entity
category. More examples using different filters are also available here:
https://wiki.geant.org/display/ED/Example+Filter+Rules


How can I use it?
-----------------
If you are using a Shibboleth SP or another implementation that supports
the SAML2 Discovery Service protocol, it's a matter of 2 minutes as is
demonstrated in this screen cast: https://youtu.be/MiGyM0mg6k8

More detailed information and guides can be found here:
https://wiki.geant.org/display/ED/How+to+setup+a+Service+Provider


Can it also be used by non-eduGAIN SPs?
---------------------------------------
As of now, the eduTEAMS Discovery Service shows only eduGAIN IdPs.
However, if there is huge demand for it, the eduTEAMS Discovery Service
can also load metadata from individual federations and also show their
IdPs on request/configuration.


Who is operating it?
--------------------
The eduTEAMS Discovery Service is operated on behalf of GÉANT by our
colleagues from CESNET (CZ) who also operate the eduID.cz federation.
CESNET has been operating and improving their Discovery Service
implementation for several years.


Do you have more questions or comments?
Please free to get in touch with us via: support AT eduteams.org


On behalf of the eduTEAMS team
Lukas Hämmerle



[1] https://wiki.geant.org/display/ED/eduTEAMS
[2] https://discovery.eduteams.org/filter.php
[3] https://ra21.org/


PS: Sorry for cross posting and merry X-Mas :-)

-- 
SWITCH
Lukas Hämmerle, Trust & Identity
GÉANT Project Task Leader of
eduGAIN Service Development - Research and Service Providers
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle AT switch.ch, http://www.switch.ch