
edugain-discuss - Re: [eduGAIN-discuss] reference for expired certificate warning

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.



Re: [eduGAIN-discuss] reference for expired certificate warning


  • From: Nick Roy <nroy AT internet2.edu>
  • To: Warda Al Habsi <warda AT omren.om>
  • Cc: Leif Johansson <leifj AT sunet.se>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
  • Date: Wed, 20 Nov 2019 17:42:39 +0000

Hi Warda,

Are they using ADFStoolkit or something similar in order to load metadata on
a regular basis?

Best,

Nick

On 20 Nov 2019, at 9:41, Warda Al Habsi wrote:

> Hi all,
>
> I would like to share the OMREN experience, 100% of our members are on ADFS
> and support is normal compared to Shibboleth. I'm a team member who worked
> on two different federations on both Shibboleth and ADFS.
> I can see a big difference between the two options at least in Oman. Our
> members are more interested and responsive with ADFS and they can do the
> initial troubleshooting. Our users are not forced to use ADFS, they can
> select other options as well. We were able to form a task force team from
> the members, so they collaborate and help each other.
>
> Regards,
>
> Warda Al Habsi,
> Applications Manager
> Oman Research and Education Network - OMREN,
> The Research Council
> P.O.Box 92, Innovation Park Muscat - Al Khoud 123,
> Sultanate of Oman
> M: +968 90991133
> F: +968 22305820
> E:  warda AT omren.om
> W: www.omren.om
> ORCID ID: https://orcid.org/0000-0003-1769-4670
>
> OMREN is an initiative by the research council Oman (TRC) to contribute to
> the rise of an effective national innovation ecosystem, and provide the
> research and education community in the sultanate of Oman with a common
> network and collaboration infrastructure dedicated and adapted to their
> needs.
>
>
>
> -----Original Message-----
> From: edugain-discuss-request AT lists.geant.org
> <edugain-discuss-request AT lists.geant.org> On Behalf Of Leif Johansson
> Sent: Wednesday, November 20, 2019 2:34 PM
> To: edugain-discuss AT lists.geant.org
> Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
>
> On 2019-11-20 09:50, Peter Schober wrote:
>> * Nick Roy <nroy AT internet2.edu> [2019-11-20 00:03]:
>>> Perhaps counterproductively adding to my rant below: ADFS is
>>> terrible, but works just well enough to lull people into the belief
>>> that it won’t screw everything up, as it invariably does, down the
>>> road. I spend at least 80% of my direct-end-user-contact time
>>> coaching people with ADFS problems. ADFS *should not be used* in the
>>> context of R&E federations, nor should other similar software. This
>>> is a real problem that I don’t know how to address in our context,
>>> but the problem is getting worse every day.
>>
>> Thank you for your very clear words in this regard.
>>
>> Maybe this should be made known more widely? Open to ideas how that
>> would work. A REFEDS blog post? A disclaimer message to be relayed by
>> (Full Mesh) federations?
>> I'll start by quoting your post above in our documentation.
>>
>> At this time we only have a single MS-ADFS entity registered, so my
>> communication has been pretty clear and seemingly was effective so
>> far. That one entity could end up being used a lot more, though,
>> through services proxied behind its SP-side...
>>
>> -peter
>>
>
> While I tend to agree the pain is mostly localized to those that choose to
> sniff this particular sock. The organizations who run ADFS do that for
> reasons that will not be influenced by what REFEDS say.
>
> We may be able to get MSFT to improve things... I have had some chats with
> their new head of identity (or whatever the title is) Pamela Dingle who at
> least makes the right noises. I know this is not the first time somebody
> said this too.
>
> Possibly a statement from REFEDS if wielded in a smart way may serve to
> make things a bit more concrete.
>
> Cheers Leif




