Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] IdP without DNS records

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] IdP without DNS records


Chronological Thread 
  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: Scott Koranda <skoranda AT gmail.com>
  • Cc: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] IdP without DNS records
  • Date: Tue, 8 May 2018 18:18:47 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Scott Koranda <skoranda AT gmail.com> [2018-05-08 17:53]:
> > Those whose endpoints are reachable by 100% of
> > their user community, and whose logos are reachable globally?
>
> That user community is not my user community.

I was clearly talking about my own example ("logos are reachable
globally"). Yet you've chosen to reply with some other IDP in mind
somehow causing performance problems. (The IDP from my example
wouldn't, not even for what you consider "your" user community.)

So you're not actually replying to what I said, but to something else
(the pathological cases you have to deal with).
That's fine, but quoting me serves to confuse, and it obscures the
fact that we're actually agreeing. ;)

> > Or any IDP where the logo does not resolve at the time you test it?
>
> We generally begin to filter them out after they have not resolved
> for some time and the effect on the discovery service has been
> noticed by humans. We do some due diligence, notify the IdP
> registrar, and then begin filtering them out.

That's fine, modulo my concern about treating IDPs with broken logo
URLs worse that IDPs with no logos at all.

I understand "No logo doesn't cause performance issues, broken URL
does", but see below for a different apporach.

> I observe that we find these IdPs from time-to-time in the metadata
> aggregates and it degrades the performance of our discovery service
> so we take action to provide our users a better experience.

Fully understood. But I'd suggest a more surgical approach, by
removing the offending XML elements referencing the broken logo URLs,
no the whole IDP entity descriptor.

> As part of that effort we try to partner with registrars and work
> with the community. I have not made any demands of eduGAIN. I asked
> if you would consider the "hide from discovery" tag. You explained
> why you would not. I appreciate that dialogue.

I only argued that it would not be appropriate for the IDP from my
(and Dick's) hypothetical example!

It may well be for other (actually pathological, not just "I wouldn't
recommend it but it works fine and doesn't cause anyone else any
trouble" cases.

-peter



Archive powered by MHonArc 2.6.19.

Top of Page