
edugain-discuss - Re: [eduGAIN-discuss] IdP without DNS records

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: Scott Koranda <skoranda AT gmail.com>
  • Cc: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] IdP without DNS records
  • Date: Tue, 8 May 2018 17:31:13 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Scott Koranda <skoranda AT gmail.com> [2018-05-08 17:16]:
> Would you consider also tagging the IdP with the "hide from
> discovery" tag since the IdP is generally not discoverable?

No.

It needs to be discoverable in order for its own subjects to find
their IDP. It is a full production-level service.

> Since some discovery services pre-load logos and the like, when the
> IdP's endpoints are not reachable it can cause delays and less than
> optimal behavior for the discovery service.

You're making three assumptions here:

0. That the logo is referenced by URL, not included by value (data:
URL).

1. That the institution would be hosting their mdui:Logos on the
not-publicly-reachable IDP webserver.
There's no good reason to do that and I would not register such a
logo URL. Instead a publicly reachable logo URL from their public
web site (not the IDP web server) is referenced in the metadata.
This is what I did in our case.

2. That a firewall could not be configured correctly to send a RST
in that case instead of dropping all packets silently.
This one is slightly more difficult, mostly because the operation
of their firewall is fully beyond our control/influence.
But I think (1) fully makes going there unnecessary.

-peter
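An added example (not part of the thread) for checking the assumptions in points 0 and 1 above: a small Python script that parses SAML IdP metadata and reports, for each mdui:Logo, whether it is embedded inline as a data: URL, hosted on the IdP's own SSO endpoint host (which may not be publicly reachable), or hosted on some other host. The sample metadata, hostnames and logo bytes are constructed placeholders.

```python
# Added example, not from the thread: classify the mdui:Logo references in
# SAML IdP metadata as inline (data: URL), hosted on the IdP's own SSO host,
# or hosted elsewhere. Uses only the Python standard library.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample metadata; hostnames and the logo bytes are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:Logo height="60" width="80">https://idp.example.org/logo.png</mdui:Logo>
      <mdui:Logo height="60" width="80">https://www.example.org/images/logo.png</mdui:Logo>
      <mdui:Logo height="16" width="16">data:image/png;base64,iVBORw0KGgo=</mdui:Logo>
    </mdui:UIInfo></md:Extensions>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def classify_logos(metadata_xml):
    """Return a list of (logo_reference, kind) for every mdui:Logo.

    kind is 'inline' (data: URL, nothing to fetch), 'idp-host' (same host
    as an SSO endpoint, so it fails if that host is not publicly reachable)
    or 'external' (any other host, e.g. the institution's public web site).
    """
    root = ET.fromstring(metadata_xml)
    # Hosts of the IdP's own SSO endpoints, taken from the Location attributes.
    idp_hosts = {urlparse(sso.get("Location", "")).hostname
                 for sso in root.iterfind(".//md:SingleSignOnService", NS)}
    results = []
    for logo in root.iterfind(".//mdui:Logo", NS):
        ref = (logo.text or "").strip()
        if ref.startswith("data:"):
            kind = "inline"
        elif urlparse(ref).hostname in idp_hosts:
            kind = "idp-host"
        else:
            kind = "external"
        results.append((ref, kind))
    return results
```

Running `classify_logos(SAMPLE_METADATA)` on the sample flags the first logo as idp-host, which is exactly the registration that point 1 advises against.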


