Interfederation

[Scott Koranda <>]

> Ian took a look at the file I was producing, and saw immediately
> that it is in fact an aggregate of the IC file and the UK export
> file. My bad. In my defense, it turns out the UK export file only
> contains 16 EntityDescriptor elements, so they're hard to find. My
> file currently contains ALL of IC plus the UK export; its available
> at:
> 
> http://stc-test4.cis.brown.edu/mda-output/interfed-test-unsigned.xml
> 
> Scott K -- can you take a look, and see if your proposed partners
> are in that file ? There are some Cardiff entries.

I believe so. The first POC is to have non-LIGO Cardiff
scientists use a Cardiff IdP to authenticate and then gain
access to the LIGO wiki SP.

In your file I see

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="uk001170"
    entityID="https://idp-preprod.cardiff.ac.uk/idp/shibboleth";>
    <!--
        This is a Shibboleth 2 test IdP (clustered with
        Terracotta 3.0) for Cardiff University.
    -->
    <Extensions>
        <mdrpi:RegistrationInfo 
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" 
registrationAuthority="http://ukfederation.org.uk"/>
        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" 
regexp="false">cardiff.ac.uk</shibmd:Scope>
        <ukfedlabel:UKFederationMember 
xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"/>
        <ukfedlabel:AccountableUsers 
xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"/>
        <wayf:HideFromWAYF xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"/>

    </Extensions>

<snip>

and this correlates with what I see on this page Ian pointed
me at

http://www.ukfederation.org.uk/content/Documents/InterfederationTrialFAQ

Is the next step for me to configure my SP to ingest this
feed?

Or, since you have done the hard work, should I take what you
have done and with your help transfer it to somewhere a bit
more permanent on a LIGO server? 

That is, should I try to do an installation of the Shibboleth
Metadata Aggregator on a LIGO server with your help and create
the same aggregate?

If your sandbox is somewhat stable I am happy to use it for
now but if you prefer I can get this transferred to something
that LIGO will look after as "production" until such time that
InCommon can host this service on behalf of the federation.

Cheers,

Scott