
edugain-discuss - Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Maarten Kremers <maarten.kremers AT surf.nl>
  • To: Lukas Hämmerle <lukas.haemmerle AT switch.ch>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] Guest and open IdPs in eduGAIN?
  • Date: Mon, 16 May 2022 07:18:59 +0000

Hi Lukas,

My 2 cents: I don’t think there is any official policy (albeit some implicit
assumptions).
The REFEDS Assurance framework would be of help in my view by signalling that
an account is self-asserted. This of course requires further uptake of RAF.
Nevertheless it would be good to also have a more explicit view on what we as
eduGAIN expect; this could be one of the actions of the eduGAIN futures work.

Best regards,
Maarten

> On 16 May 2022, at 08:48, Lukas Hämmerle <lukas.haemmerle AT switch.ch> wrote:
>
> Hello all
>
> What is eduGAIN's current official policy and best practice in terms of
> guest and open Identity Providers where just anyone can create an account?
>
> As far as I see, there is nothing directly mentioned in the constitution
> and declaration regarding this point. One relevant document in this matter
> is the registration practice statement that each federation writes (and
> changes) on its own.
>
> The "Registration practice statement" of a federation declares which types
> of organisations are accepted in a federation. Assuming that a university
> or a federation operator itself would operate a guest IdP that allows just
> any user with a valid e-mail address to register an account, would this be
> ok? Or are there any limits on which attributes and values this IdP
> should/should not release?
>
> I know that there exists at least one guest IdP in eduGAIN (that releases
> just a limited set of attributes) and that probably more exist. Still, I'm
> interested in some current official response and view on this topic.
>
> The background of this question has to do with SWITCH edu-ID where we
> currently publish the university IdPs in eduGAIN but don't allow private
> identities (without university affiliation) to access eduGAIN services.
> There are library use cases where people (without university affiliation)
> need access to publisher resources (accessible via eduGAIN). Therefore, we
> are exploring the options how to allow access to these users.
>
>
> Best Regards
> Lukas
>
> --
> SWITCH
> Lukas Hämmerle, Trust & Identity
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> +41 44 268 15 64 lukas.haemmerle AT switch.ch http://www.switch.ch


Maarten Kremers
Technical Product Manager Trust & Identity
GÉANT Project Task Leader Trust & Identity Enabling Communities

SURF | E maarten.kremers AT surf.nl | T +31 30 88 787 3000 | Available: Mon -
Tue - Wed - Fri
SURF is the collaborative organisation for ICT in Dutch education and research



