Interfederation

[Tom Scavo <>]

On Tue, May 28, 2013 at 5:28 PM, Basney, Jim 
<>
 wrote:
> On 5/28/13 3:36 PM, "Tom Scavo" 
> <>
>  wrote:
>>
>>I'm pretty confident in saying eduGAIN metadata would NOT be bundled
>>in the current InCommon aggregate.
>
> I was thinking of our recommendation for a single InCommon
> "interfederation" metadata aggregate that would provide a stable source of
> entity metadata for consumption by InCommon members wishing to
> interfederate with external entities based on bilateral, hierarchical, and
> multilateral interfederation agreements.
>
> So it isn't really specific to eduGAIN -- it's a cost of supporting any
> type of interfederation.

Let me push back on that. If InCommon and UKf were to enter into a
bilateral agreement such that each other's metadata is deemed
equivalent (in terms of technical trust), then yes, we could bundle
all of those entity descriptors into a single aggregate. I'll go so
far as to say that that aggregate would be at the same location as
today's production aggregate.

I don't think we'd be doing anyone a favor by bundling entity
descriptors of varying degrees of technical trust. I'm afraid eduGAIN
doesn't level the playing field in that regard.

>>> * No consistent level of assurance of identities.
>>
>>You mean of individuals who submit metadata? This is part of
>>registration practice statement. Are you thinking of something else?
>
> I'm just pointing out that there's no eduGAIN Bronze/Silver, so SPs would
> have little confidence in the authentication assertions issued by IdPs.

Like R&S, that seems to be out of scope. It seems to me REFEDs has to
standardize these notions apart from any service eduGAIN provides.

Tom