
edugain-discuss - RE: [eduGAIN-discuss] reference for expired certificate warning

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Warda Al Habsi <warda AT omren.om>
  • To: Leif Johansson <leifj AT sunet.se>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: RE: [eduGAIN-discuss] reference for expired certificate warning
  • Date: Wed, 20 Nov 2019 16:41:52 +0000

Hi all,

I would like to share the OMREN experience: 100% of our members are on ADFS
and support is normal compared to Shibboleth. I'm a team member who worked on
two different federations on both Shibboleth and ADFS.
I can see a big difference between the two options, at least in Oman. Our
members are more interested and responsive with ADFS and they can do the
initial troubleshooting. Our users are not forced to use ADFS; they can
select other options as well. We were able to form a task force team from the
members, so they collaborate and help each other.

Regards,

Warda Al Habsi,
Applications Manager
Oman Research and Education Network - OMREN,
The Research Council
P.O.Box 92, Innovation Park Muscat - Al Khoud 123,
Sultanate of Oman
M: +968 90991133
F: +968 22305820
E:  warda AT omren.om
W: www.omren.om
ORCID ID: https://orcid.org/0000-0003-1769-4670

OMREN is an initiative by the research council Oman (TRC) to contribute to
the rise of an effective national innovation ecosystem, and provide the
research and education community in the sultanate of Oman with a common
network and collaboration infrastructure dedicated and adapted to their
needs.



-----Original Message-----
From: edugain-discuss-request AT lists.geant.org
<edugain-discuss-request AT lists.geant.org> On Behalf Of Leif Johansson
Sent: Wednesday, November 20, 2019 2:34 PM
To: edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] reference for expired certificate warning

On 2019-11-20 09:50, Peter Schober wrote:
> * Nick Roy <nroy AT internet2.edu> [2019-11-20 00:03]:
>> Perhaps counterproductively adding to my rant below: ADFS is
>> terrible, but works just well enough to lull people into the belief
>> that it won’t screw everything up, as it invariably does, down the
>> road. I spend at least 80% of my direct-end-user-contact time
>> coaching people with ADFS problems. ADFS *should not be used* in the
>> context of R&E federations, nor should other similar software. This
>> is a real problem that I don’t know how to address in our context,
>> but the problem is getting worse every day.
>
> Thank you for your very clear words in this regard.
>
> Maybe this should be made known more widely? Open to ideas how that
> would work. A REFEDS blog post? A disclaimer message to be relayed by
> (Full Mesh) federations?
> I'll start by quoting your post above in our documentation.
>
> At this time we only have a single MS-ADFS entity registered, so my
> communication has been pretty clear and seemingly was effective so
> far. That one entity could end up being used a lot more, though,
> through services proxied behind its SP-side...
>
> -peter
>

While I tend to agree, the pain is mostly localized to those that choose to
sniff this particular sock. The organizations who run ADFS do that for
reasons that will not be influenced by what REFEDS say.

We may be able to get MSFT to improve things... I have had some chats with
their new head of identity (or whatever the title is) Pamela Dingle, who at
least makes the right noises. I know this is not the first time somebody said
this too.

Possibly a statement from REFEDS if wielded in a smart way may serve to make
things a bit more concrete.

Cheers Leif


