An open discussion list for topics related to the eduGAIN interfederation service.

[Lukas Hämmerle <lukas.haemmerle AT switch.ch>]

Hello all

What is eduGAIN's current official policy and best-practice in terms of 
guest and open Identity Providers where just anyone can create an account?

I as far as I see, there is nothing directly mentioned in the 
constitution and declaration regarding this point. One relevant document 
in this matter is the registration practice statement that each 
federation writes (and changes) on its own.

The "Registration practice statement" of a federation declares which 
types of organisations are accepted in a federation. Assuming that a 
university or a federation operator itself would operate a guest IdP 
that allows just any user with a valid e-mail address to register an 
account, would this be ok? Or are there any limits on which attributes 
and values this IdP should/should not release?

I know that there exist at least one guest IdP in eduGAIN (that releases 
just a limited set of attributes) and that probably more exist. Still, 
I'm interested in some current official response and view on this topic.

The background of this question has to do with SWITCH edu-ID where we 
currently publish the university IdPs in eduGAIN but don't allow private 
identities (without university affiliation) to access eduGAIN services. 
There are library use cases where people (without university 
affiliation) need access to publisher resources (accessible via 
eduGAIN). Therefore, we are exploring the options how to allow access to 
these users.


Best Regards
Lukas

--
SWITCH
Lukas Hämmerle, Trust & Identity
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
+41 44 268 15 64  lukas.haemmerle AT switch.ch  http://www.switch.ch