An open discussion list for topics related to the eduGAIN interfederation service.

[Davide Vaghetti <davide.vaghetti AT garr.it>]

Hi,

in GARR we have the network-first approach as well, so you cannot join
the IDEM Federation and other services until you are connected to the
network. Tough, we have some peculiar cases, like the Erasmus+ one,
where we have hundreds of small HEIs not connected to the GARR network
and for which we've built an eduID-like IdP to let them access the
Erasmus+ services.

Bests,
Davide

On 18/11/21 08:41, Geoffroy ARNOUD wrote:
> Hi
> 
>  
> 
> We had the same approach in France before: connecting to the NREN
> network allows to join Identity Federation and access to other services.
> 
> This changed, and now institutions can subscribe to a « services
> package », that allows to use our services – including identity
> federations, but also eduroam, and other digital services we propose.
> 
>  
> 
> Regards
> 
> Geoffroy
> 
>  
> 
> *De :*edugain-discuss-request AT lists.geant.org
> <edugain-discuss-request AT lists.geant.org> *De la part de* Leif Johansson
> *Envoyé :* mercredi 17 novembre 2021 22:08
> *À :* edugain-discuss AT lists.geant.org
> *Objet :* Re: [eduGAIN-discuss] Question about federations' IdP members
> 
>  
> 
> On 2021-11-17 20:16, Valeriu Vraciu wrote:
>> Hello,
>>
>> Please help us understand and act the best possible way in the
> following matter, maybe there are/were similar cases in other federations:
>>
>> EduGain is a service supported by GEANT, gathering identity
> federations established mainly by NRENs, so a reasonable conclusion is
> that beneficiary IdP institutions are members of NRENs or have some
>> sort of relation with NREN. Please correct me if it is a wrong assumption.
> 
> Yeah mostly, although in some countries the NREN remit extend a bit
> beyond "traditional"
> higher education to include related govt agencies, k12 etc.
> 
>>
>> We have a request to join eduGain as an IdP from an accredited by the
> Ministry of Education private university, with which we did not have any
> relation (until this request). They are not connected to
>> our network and do not use any service from us, so first reaction
> seems to be a no go. Any information regarding how other federations
> deal with such cases can help us to decide further.
>> Our policy does not cover this case, maybe an update will be worth too.
>>
> 
> In Sunet we would probably take a similar approach: the SWAMID
> federation is part of
> the NREN service infra and as such requires that the customer is
> connected to the
> network. I would not go as far as saying that there would *never* be a
> case when we
> might bend that rule... but that would then probably be a decision at
> the board level
> in our case.
> 
> As always ymwv, hope this helps.
> 
> Cheers Leif
> 


-- 
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw