An open discussion list for topics related to the eduGAIN interfederation service.

[Suhaimi Napis <suhaimi AT upm.my>]

Dear all,

Just a little advertisement on the upcoming Asia Pacific Advanced Netowk 48th Meeting to be held on 22-26 July, 2019 at Universiti Putra Malaysia. There will be an IAM Session under Backfire Project led by Brook where updates from many federation operators as well as emerging ones are deliberated. We would like to extend pur special welcome to all to this meeting. Please visit https://apan48.my/ for further information as the program schedule is currently being filled up. Hope to see some of you. Thanks you.

سحيمي نافيس   [m]

Suhaimi_Napis

Universiti Putra Malaysia

Chairman, APAN48 Local Organising Committee

SIFULAN Malaysian Access Federation

Authenticate Locally, Authorize Globally (@REFEDs)

Duckduckgo me!

On 29 May 2019, at 03:12, Guy Halse <guy AT tenet.ac.za> wrote:

Hi

Thanks, your updates address most of my concerns. I still have one thing that worries me though.

On 2019/05/28 3:27 PM, Naser A. Almesad wrote:

1029177031.7226961.1559050031646.JavaMail.zimbra AT isu.net.sa"> > Section 4 of the policy says the eligibility criteria are defined on the web page, but doesn't give a URL. That leaves me to guess, and the only place I can find that might be appropriate is https://www.maeen.sa/membership/. However > > that tells me about the benefits of the NREN, but doesn't answer the question "who can connect?". It would be useful to more explicitly define who is eligible to act as an identity provider (usually restrictive) and as a service > > provider (usually more permissive).

https://www.maeen.sa/services/identity web page now updated.

I just wanted to check my understanding of what's now there. It now says:

1-Are You Eligible?
Subscription to the federation is available to MAEEN members.

The way I read that, only existing MAEEN members are eligible to join the federation in any role, and existing members all appear to be research, education, and governmental agencies.

That's entirely expected for the identity provider role: typically we want to restrict these to institutions within our communities.

However, the way its written now, you won't allow any outside service provider to join your federation unless they're also eligible to join MAEEN itself as a member. That is unusual for the service provider role: in our federation we have a number of commercial service providers who provide useful services to our institutions, but who would never be eligible to join the NREN or benefit from any of the other services we offer. An eduroam example would be a coffee shop or restaurant providing eduroam to attract customers; a SAML example would be a commercial publisher who wants to use your federation to facilitate access to their service for your member institutions.

Are you expecting such service providers to join the NREN completely? And are they even able to? Or are you deliberately intending to preclude them - maybe you're only intending on using services you learn via eduGAIN?

- Guy

--
<kmgnjmdihgifihdg.png> Guy Halse
Director Trust & Identity Tertiary Education & Research Network of South Africa NPC Fault Reporting: +27(21)763-7147 or support AT tenet.ac.za
Office: +27(21)763-7102
http://www.tenet.ac.za/contact
<kiplgeienkhmigpd.png> https://orcid.org/0000-0002-9388-8592