An open discussion list for topics related to the eduGAIN interfederation service.

[Dick Visser <dick.visser AT geant.org>]

There may be more, but those might be hidden behind proxies (such as
the GEANT Filesender instance, which should work for you).
I wonder what is the best way to "advertise" or otherwise make it more
obvious what is behind a proxy.
Use a more elaborate description field for the entity so it shows on
https://technical.edugain.org/entities and make it more of a service
catalogue?

Dcik

On 13 April 2018 at 18:01, Peter Schober <peter.schober AT univie.ac.at> wrote:
> * Peter Schober <peter.schober AT univie.ac.at> [2018-04-13 17:53]:
>> And while you still might find quite a few Filesender instances in
>> eduGAIN almost all of them are unusable by default, on a scale that
>> warrants its own posting (forthcoming).
>
> Here goes:
>
> There currently are 11 Filesender instances published via eduGAIN.
> I managed to successfully log in into exactly 1 of them (InCommon).
> (2 more could possibly have worked by adding manual attribute release
> rules to my IDP.)
>
> The reasons for 10 failures out of 11 are as follows:
>
> * Doesn't allow choice of not-local-federation IDPs (Haka,
>   Renater, AFIRE/ASNET, RENU, IRFED) or only lists a handful of IDPs
>   that may or may not involve entities from other federations (URAN).
>   All except maybe the last one (URAN) have no business being
>   in eduGAIN, IMO.
>
> * Doesn't have an Entity Category to motivate attribute release
>   (RedCLARA), or has neither an internationally recognised Entity
>   Category nor any RequestedAttribute elements at all (CESNET).
>   Those are not errors per se, but I'd still question why those are
>   exposed to eduGAIN at all.
>
> * Doesn't load eduGAIN metadata (RENAM, CESNET's v2 instance)
>   Clearly errors. Load eduGAIN-enabled metadata or remove the entity
>   from eduGAIN.
>
> Personally I hope that this rather sorry state of affairs is more due
> to my previous claim that Filesender does not lend itself well to
> inter-federated access (as you'll want a fast and therefore often
> local network connection to the filesender instance, especially for
> the upload part, which also is the part where authentication is
> required) and that this is therefore not representative for eduGAIN in
> general.
> Realising that doesn't change the bad aftertaste left from such a
> simple excercise, with a rather epic fail (1 out of 11 working for
> me, 2 out of 22 for people who release whatever an SP states in
> RequestedAttributes).
>
> -peter



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

GÉANT Vereniging (Association) is registered with the Chamber of
Commerce in Amsterdam with registration number 40535155 and operates
in the UK as a branch of GÉANT Vereniging. Registered office:
Hoekenrode 3, 1102BR Amsterdam, The Netherlands. UK branch address:
City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.


Want to join us? We're hiring: https://www.geant.org/jobs