Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership


Chronological Thread 
    < Chronological >      < Thread >
  • From: Guy Halse <guy AT tenet.ac.za>
  • To: "Naser A. Almesad" <nalmesad AT maeen.sa>
  • Cc: <edugain-discuss AT lists.geant.org>, "Mohamad M. Al-Ghamdi" <malghamdi AT maeen.sa>, brook schofield <brook.schofield AT geant.org>
  • Subject: Re: [eduGAIN-discuss] Assessment of Saudi Arabia / Maeen Identity Federation for eduGAIN membership
  • Date: Tue, 28 May 2019 21:12:22 +0200
  • Organization: Tertiary Education and Research Network of South Africa NPC
Hi

Thanks, your updates address most of my concerns. I still have one thing that worries me though.

On 2019/05/28 3:27 PM, Naser A. Almesad wrote:
> Section 4 of the policy says the eligibility criteria are defined on the web page, but doesn't give a URL. That leaves me to guess, and the only place I can find that might be appropriate is https://www.maeen.sa/membership/. However > > that tells me about the benefits of the NREN, but doesn't answer the question "who can connect?". It would be useful to more explicitly define who is eligible to act as an identity provider (usually restrictive) and as a service > > provider (usually more permissive).

I just wanted to check my understanding of what's now there. It now says:

1-Are You Eligible?
Subscription to the federation is available to MAEEN members.

The way I read that, only existing MAEEN members are eligible to join the federation in any role, and existing members all appear to be research, education, and governmental agencies.

That's entirely expected for the identity provider role: typically we want to restrict these to institutions within our communities.

However, the way its written now, you won't allow any outside service provider to join your federation unless they're also eligible to join MAEEN itself as a member. That is unusual for the service provider role: in our federation we have a number of commercial service providers who provide useful services to our institutions, but who would never be eligible to join the NREN or benefit from any of the other services we offer. An eduroam example would be a coffee shop or restaurant providing eduroam to attract customers; a SAML example would be a commercial publisher who wants to use your federation to facilitate access to their service for your member institutions.

Are you expecting such service providers to join the NREN completely? And are they even able to? Or are you deliberately intending to preclude them - maybe you're only intending on using services you learn via eduGAIN?

- Guy
--
Guy Halse
Director Trust & Identity Tertiary Education & Research Network of South Africa NPC Fault Reporting: +27(21)763-7147 or support AT tenet.ac.za
Office: +27(21)763-7102
http://www.tenet.ac.za/contact
https://orcid.org/0000-0002-9388-8592

PNG image

PNG image

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.19.

Top of Page