edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Guy Halse <guy AT tenet.ac.za>
- To: Nick Roy <nroy AT internet2.edu>
- Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
- Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
- Date: Thu, 21 Nov 2019 10:25:56 +0200
- Organization: Tertiary Education & Research Network of South Africa NPC
Hi

On 2019/11/20 01:02, Nick Roy wrote:

> Perhaps counterproductively adding to my rant below: ADFS is terrible, but works just well enough to lull people into the belief that it won’t screw everything up, as it invariably does, down the road. I spend at least 80% of my direct-end-user-contact time coaching people with ADFS problems. ADFS should not be used in the context of R&E federations, nor should other similar software. This is a real problem that I don’t know how to address in our context, but the problem is getting worse every day.

With respect, I think this rant comes from a privileged position of being an established player in a wealthy economy. I'll agree with you that it's terrible. However, in the context of developing R&E federations, it is the establishment we are effectively competing against.

Whether we like it or not, many of our institutions are well entrenched within the Microsoft ecosystem, and already make use of ADFS for integration with O365 and a bunch of other things. They have staff who know enough about ADFS to make it work for those use cases. On the contrary, Shibboleth/SimpleSAMLphp/etc are things they have likely never encountered before. What that probably boils down to is that Microsoft are good at marketing; we are not.

Our reality is also that universities are under funded, under resourced and under staffed. That has two implications: the status quo has a very long tail, and so anything that takes them out of their comfort zone gets put on a back burner for a really long time. When a researcher arrives with a use case for R&E federation, their natural answer is to set up a point-to-point relationship in ADFS in the Microsoft way. This is understandable, because it is entirely within their comfort zone, and reuses infrastructure they've already built.

Even if they're not already ADFS users, installing ADFS - a product they've effectively already paid for and can get local support for through their existing partners - is far more attractive than building new infrastructure, even if that software is "free".

The result is that when we come to them with the idea of R&E federation, our starting position is on the back foot. Persuading them to federate is hard enough, without having to argue against a product they're already using and that's meeting most of their other requirements.

I'm very aware that even I have a privileged position. Our economy is such that I can turn round to institutions and say "we can get it to work, but only if you upgrade to the latest version", thus limiting my exposure to the broken. However that's not reality in other countries I've worked with, because in addition to the problems above, upgrading involves more money. And that doesn't happen until products go out-of-support and there's no alternative.

Thus from my perspective, ADFS is something I have to learn to live with if I want R&E federation to succeed here. Given the choice between living with ADFS's quirks and abandoning the idea of getting R&E federation working, I'll choose the former. Because I have researchers who need me to maak 'n plan. [1]

</metarant>

- Guy

[1] https://www.quora.com/What-does-a-boer-maak-n-plan-mean

--
Guy Halse
Director Trust & Identity
Tertiary Education & Research Network of South Africa NPC
Fault Reporting: +27(21)763-7147 or support AT tenet.ac.za
Office: +27(21)763-7102
http://www.tenet.ac.za/contact
https://orcid.org/0000-0002-9388-8592