An open discussion list for topics related to the eduGAIN interfederation service.

[Lukas Hämmerle <lukas.haemmerle AT switch.ch>]

Like our Swedish colleagues, better late than never a few comments on
the RUNNET AAI submission:

On 13.03.18 18:59, Brook Schofield wrote:
> So I ask the following federations to specifically review the submission
> by RUNNET AAI:
>  * South Africa/SAFIRE
>  * Spain / SIR
>  * Sweden / SWAMID
>  * Switzerland / SWITCHaai
>  * Turkey / YETKİM

Generally, I think RUNNet has done its home work and after reviewing
their published metadata and glancing over the policies, I can recommend
that the RUNNET AAI federation is accepted as eduGAIN member.


A few comments/recommendations:

* In metadata it would be nice if the IdP had a shibmd:Scope element
(<shibmd:Scope regexp="false">runnet.ru</shibmd:Scope>) that declares
the domain scopes (for eduPersonPrincipalName,
eduPersonScopedAffiliation, ...) for which this IdP can set attribute
values.

* I second Pal'S comments, especially that the minimum key length for
certificates should be 2014 bit and not 1024 bit

* In the technology profile I would strongly recommend to also make
displayName, mail at least attributes that SHOULD be supported so that
the minimum subset of the Research & Scholarship attribute set is
encouraged to support
(https://refeds.org/category/research-and-scholarship). Just making
eduPersonPrincipalName a mandatory attribute is probably good to start
but most useful federated applications also need a name and email
address to workl.


Best Regards
Lukas

-- 
SWITCH
Lukas Hämmerle, Trust & Identity
GÉANT Project Task Leader of
eduGAIN Service Development - Research and Service Providers
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle AT switch.ch, http://www.switch.ch