edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Davide Vaghetti <davide.vaghetti AT garr.it>
- To: Lukas Hämmerle <lukas.haemmerle AT switch.ch>, edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?
- Date: Mon, 16 May 2022 09:11:49 +0200
Hello Lukas,
It's nice to hear you and (unsurprisingly) with an interesting use case. I think you are right saying that eduGAIN does not have any specific policy requirement about open IdPs and self-asserted identities.
More generally speaking, we lack two things: on the one hand a common assurance framework adopted and recognized by all the eduGAIN participants, on the other a policy decision about the minimum (or baseline which is fancier) requirements for eduGAIN enabled identities.
A common assurance framework exists, it's the REFEDS Assurance Framework [1] and with RAF I think it would possible to clearly define self-asserted identities for this specific use case. Nonetheless, AFAIK RAF is far from being adopted by all the eduGAIN participants.
Please note that an assurance requirement for eduGAIN is also currently being discussed in the eduGAIN Futures Working Group [2]
That said, I think in principle SWITCH could create a RAF profile to signal that the eduID private identities (no university affiliation) are self-asserted.
Bests,
Davide
[1] https://wiki.refeds.org/display/ASS/REFEDS+Assurance+Framework+ver+1.0
[2] https://wiki.geant.org/display/eduGAIN/eduGAIN+Futures+Working+Group+Charter
On 16/05/22 08:48, Lukas Hämmerle wrote:
Hello all
What is eduGAIN's current official policy and best-practice in terms of guest and open Identity Providers where just anyone can create an account?
I as far as I see, there is nothing directly mentioned in the constitution and declaration regarding this point. One relevant document in this matter is the registration practice statement that each federation writes (and changes) on its own.
The "Registration practice statement" of a federation declares which types of organisations are accepted in a federation. Assuming that a university or a federation operator itself would operate a guest IdP that allows just any user with a valid e-mail address to register an account, would this be ok? Or are there any limits on which attributes and values this IdP should/should not release?
I know that there exist at least one guest IdP in eduGAIN (that releases just a limited set of attributes) and that probably more exist. Still, I'm interested in some current official response and view on this topic.
The background of this question has to do with SWITCH edu-ID where we currently publish the university IdPs in eduGAIN but don't allow private identities (without university affiliation) to access eduGAIN services. There are library use cases where people (without university affiliation) need access to publisher resources (accessible via eduGAIN). Therefore, we are exploring the options how to allow access to these users.
Best Regards
Lukas
--
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw
- [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Lukas Hämmerle, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Peter Brand, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Lukas Hämmerle, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Peter Brand, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Davide Vaghetti, 05/16/2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Lukas Hämmerle, 17-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Maarten Kremers, 16-May-2022
- RE: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Pål Axelsson, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Maarten Kremers, 16-May-2022
- RE: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Pål Axelsson, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Maarten Kremers, 16-May-2022
- RE: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Pål Axelsson, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Maarten Kremers, 16-May-2022
- RE: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Pål Axelsson, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Maarten Kremers, 16-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Lukas Hämmerle, 17-May-2022
- Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?, Peter Brand, 16-May-2022
Archive powered by MHonArc 2.6.19.