An open discussion list for topics related to the eduGAIN interfederation service.

[Alan Buxey <alan.buxey AT myunidays.com>]

hi,

> I don't think anything I said has anything to do with local laws or
> eduGAIN specifically. E.g. demanding that IDPs reject unsigned SAML
> authentication requests (which is included in what you're mandating)
> does not solve an existing problem, but will prevent you from using
> probably 90% or more of existing SAML SPs in the world (whether they
> join your federation locally or via interfederation is irrelevant).
> You're requirement goes too far (and I'd claim for no good reason).

some federations already require SPs to sign their requests to IdPs
due to national law.

I think the requirement for members to use up to date software is a
noble clause...but agree with
you, Peter, that it needs to be worded such that those living on LTS
distributions can partake -
though such setups often end up with archaic versions of
tools/software/daemons :/

likewise, minimum attribute release as a standard is a 'good
thing'(TM) , more likely that things,
if standard followed, will just work.  though I would tie that down to
the released attributes
varying depending on the SP being in certain categories - eg R&S,
CoCov2, Siftfi etc

agree that only attributes within correct mapped space should be used
- use eduPerson ones
if they exist, use schac ones if they exist..if neither exists, work
to getting such created (in whatever
space) but don't just make ones up.


alan