interfed - Re: [inc-interfed] opt-out / opt-in
Subject: Interfederation
List archive
- From: Ian Young <>
- To:
- Subject: Re: [inc-interfed] opt-out / opt-in
- Date: Fri, 3 May 2013 17:25:41 +0100
- Authentication-results: sfpop-ironport04.merit.edu; dkim=pass (signature verified [TEST])
On 3 May 2013, at 17:13, Tom Scavo
<>
wrote:
> why not do the following:
>
> - The LIGO SP directly consumes a UKF metadata aggregate (like it does now)
That's not what the LIGO SP is doing today. It's consuming an aggregate
consisting of both InCommon-registered entities *plus* entities from
elsewhere. At the moment, "elsewhere" is just the UKf, but that's not the
direction of travel.
> - The Cardiff IdP directly consumes the InCommon metadata aggregate
> (no special "export aggregate" needed)
Why not? Because it doesn't scale. If each IdP has to directly consume an
aggregate from every federation which has registered an SP it wants to use,
they need to know about those aggregates and need to know about a trust root
for each one. What we're providing them with is a *single* aggregate they
can consume which will include *all* of the entities they need, from whatever
source.
> What value can InC Ops add to the UKF aggregate?
The value you'd be adding would be that the consumer doesn't need to know or
care which source the entities come from, and that you're aggregating
entities from potentially multiple sources so that they don't have to.
-- Ian
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- [inc-interfed] opt-out / opt-in, Jim Basney, 05/02/2013
- Re: [inc-interfed] opt-out / opt-in, Tom Scavo, 05/03/2013
- Re: [inc-interfed] opt-out / opt-in, Ian Young, 05/03/2013
- RE: [inc-interfed] opt-out / opt-in, Cantor, Scott, 05/03/2013
- Re: [inc-interfed] opt-out / opt-in, Scott Koranda, 05/04/2013
- Re: [inc-interfed] opt-out / opt-in, Tom Scavo, 05/03/2013
Archive powered by MHonArc 2.6.16.