edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Nick Roy <nroy AT internet2.edu>
- To: Peter Schober <peter.schober AT univie.ac.at>
- Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
- Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
- Date: Wed, 20 Nov 2019 17:38:59 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sKu5ZP+eSqAX2yqvQ30eFovS/Y4p9zhX127Iemi+INI=; b=DSd9j6o1rb0jFTH+hFD7BpJ+D2mJCW/nFweVdxSTWzOU8h2Jt47jEwWejzJDUNtmzWyO232haP/46aZVAJ6ITaLV2EQ6ZrGJ70IMDkQZGPsWtbWLuDPyJFqlSLn7ckAQNzblkwGjq2fGJBKcpsYelObKIxCdP3IylYNpXKKir4I+npqQ7TPNUDoy0am9kb2v+nWtpNJ/SXuxdVauXcej/+BG5cdJzIgax+59GCfjqpj0Bt5YyjC5UpokzmmZeVKrWfI8CYqoW5BvdGrPGZXSu2nH9pYoad3X3/wtftIIqCs3Vwo66hLkRDhzspY2mUbNKCL8xkrNtxVr6tvEIOAzDQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BSR0ZDtBnZexryqPmVPndZPsmyLfjTGX3qjipQk4PMr4aHIpsPNJyVoOyla2rnJpB+nVQCgpnd1O9RldLv5TkV9LyDD9mhBDBdkp/KWm8OatOZpBdnlMaRjQdSAAMVbuOpemuSWEmV5eB61qB+plMJQ2Kz6HjYiyzIWW4lq8aDd5+VFaS7U9fLiEMIpRQ948c4I0NX1c1bRX/ISb0JF62T2TLNtENYU2uLg98OoHtGl9b2KhEnEHSTWDc4gQ5B+pUXo162jbv3psk881wVHa3N0JW79fyWi3JsOfXHI5Eb1HDc8ByI1koi99N2T4axCZ5FEKS0+KYGpUfpU1vCWNTw==
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=nroy AT internet2.edu;
Thanks Peter - please don't quote me by name, but feel free to use my words,
or modify them as needed. A REFEDS blog post on this topic would be
excellent, and it might be best to come from a nameless "editorial board" or
something, to avoid blowback. I'd volunteer to contribute to the anonymous
authorship of such a post.
It is not just ADFS that has these problems, it's stuff like Oracle/IBM FIM,
even Ping to some extent. Don't get me started on the IDaaS stuff...
Nick
On 20 Nov 2019, at 1:50, Peter Schober wrote:
> * Nick Roy <nroy AT internet2.edu> [2019-11-20 00:03]:
>> Perhaps counterproductively adding to my rant below: ADFS is
>> terrible, but works just well enough to lull people into the belief
>> that it won’t screw everything up, as it invariably does, down the
>> road. I spend at least 80% of my direct-end-user-contact time
>> coaching people with ADFS problems. ADFS *should not be used* in the
>> context of R&E federations, nor should other similar software. This
>> is a real problem that I don’t know how to address in our context,
>> but the problem is getting worse every day.
>
> Thank you for your very clear words in this regard.
>
> Maybe this should be made known more widely? Open to ideas how that
> would work. A REFEDS blog post? A disclaimer message to be relayed by
> (Full Mesh) federations?
> I'll start by quoting your post above in our documentation.
>
> At this time we only have a single MS-ADFS entity registered, so my
> communication has been pretty clear and seemingly was effective so
> far. That one entity could end up being used a lot more, though,
> through services proxied behind its SP-side...
>
> -peter
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [eduGAIN-discuss] reference for expired certificate warning, (continued)
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 19-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Leif Johansson, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nicole Harris, 20-Nov-2019
- RE: [eduGAIN-discuss] reference for expired certificate warning, Warda Al Habsi, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 20-Nov-2019
- RE: [eduGAIN-discuss] reference for expired certificate warning, Warda Al Habsi, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Leif Johansson, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 19-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 11/20/2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Thijs Kinkhorst, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Tomasz Wolniewicz, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Zenon Mousmoulas, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Guy Halse, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
- Sv: [eduGAIN-discuss] reference for expired certificate warning, Pål Axelsson, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
Archive powered by MHonArc 2.6.19.