
edugain-discuss - Re: [eduGAIN-discuss] Assessment of Russia/RUNNet AAI for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Alan Buxey <alan.buxey AT myunidays.com>
  • To: Peter Schober <peter.schober AT univie.ac.at>
  • Cc: Порхачев Василий <porhachev AT runnet.ru>, edugain-discuss AT lists.geant.org, "Ilya V. Vasiliev" <vasilyev AT runnet.ru>, Alexey Abramov <abramov AT runnet.ru>
  • Subject: Re: [eduGAIN-discuss] Assessment of Russia/RUNNet AAI for eduGAIN membership
  • Date: Thu, 15 Mar 2018 13:06:39 +0000
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=myunidays.com

hi,

> I don't think anything I said has anything to do with local laws or
> eduGAIN specifically. E.g. demanding that IDPs reject unsigned SAML
> authentication requests (which is included in what you're mandating)
> does not solve an existing problem, but will prevent you from using
> probably 90% or more of existing SAML SPs in the world (whether they
> join your federation locally or via interfederation is irrelevant).
> Your requirement goes too far (and I'd claim for no good reason).

some federations already require SPs to sign their requests to IdPs
due to national law.

I think the requirement for members to use up to date software is a
noble clause...but agree with you, Peter, that it needs to be worded
such that those living on LTS distributions can partake - though such
setups often end up with archaic versions of tools/software/daemons :/

likewise, minimum attribute release as a standard is a 'good
thing'(TM), more likely that things, if standard followed, will just
work. though I would tie that down to the released attributes varying
depending on the SP being in certain categories - eg R&S, CoCov2,
Sirtfi etc

agree that only attributes within correct mapped space should be used
- use eduPerson ones if they exist, use schac ones if they exist..if
neither exists, work to getting such created (in whatever space) but
don't just make ones up.


alan


