
interfed - Re: [inc-interfed] comments re "New InCommon IdPs"

Subject: Interfederation

  • From: Tom Scavo <>
  • To: Interfederation TAC Subgroup <>
  • Subject: Re: [inc-interfed] comments re "New InCommon IdPs"
  • Date: Tue, 4 Mar 2014 10:43:19 -0500

On Tue, Mar 4, 2014 at 9:53 AM, Scott Koranda
<>
wrote:
> On Tue, Mar 4, 2014 at 8:34 AM, Tom Scavo
> <>
> wrote:
>
> Frankly IdPs that advertise support for artifact but do not actually support
> it is a problem in the InCommon metadata, so hiding that option initially
> is IMHO a good idea.

Yes, I realize that's a problem, and if I could write a script to test
that, I would, but I don't think that's possible.

> IdPs that want to support it should have to take some action to expose
> the functionality.

That's a good idea.

> If there could be some type of "InCommon blessed" Shibboleth IdP deployment
> or configuration (as asked by Steven) having it not include artifact
> or attribute query by default would
> also be helpful I think.

Good suggestion.

>> Do you mean a standalone attribute query to the LIGO IdP?
>
> Yes.
>
>> May I ask, do you have this working in production?
>
> Not yet in production, no... I want to
> have the flexibility for the LIGO IdP to support attribute query and
> it would be helpful for that endpoint to be published in InCommon and,
> soon, then find its way into eduGAIN metadata.

Well, ScottC can correct me if I'm wrong but that's easier said than
done (and btw, I have a similar use case, so I have skin in this game
:) An attribute authority that supports standalone attribute query
(apart from SSO) requires a distinct role descriptor in metadata. The
AttributeAuthorityDescriptor is not relevant to standalone attribute
query.

The good news is that ScottC and I saw the handwriting on the wall
many years ago and so we published this standard:

https://wiki.oasis-open.org/security/SstcSamlMetadataExtQuery

This is what we need to implement in metadata.

>> With what SP(s)?
>
> The SPs are those that will be run by LIGO sister projects such as the
> KAGRA gravitational wave detector being built in Japan, or other
> astronomy and astrophysics projects.

I understand now, thanks.

Tom
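
An added example, not part of the original message and not InCommon's own tooling: a metadata audit that lists which IdP entities advertise an ArtifactResolutionService or an AttributeService endpoint. It reports only what the metadata claims, not whether the endpoint actually works; the entity IDs, locations and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
# Endpoint elements to report, keyed by a short label.
CHECKS = {
    "artifact-resolution": "md:IDPSSODescriptor/md:ArtifactResolutionService",
    "attribute-service": "md:AttributeAuthorityDescriptor/md:AttributeService",
}
# Constructed sample aggregate; entity IDs and locations are made up.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
 <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:ArtifactResolutionService index="1" Binding="{SOAP}"
       Location="https://idp-a.example.org:8443/artifact"/>
  </md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AttributeService Binding="{SOAP}"
       Location="https://idp-a.example.org:8443/attrquery"/>
  </md:AttributeAuthorityDescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://idp-b.example.org/sso"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def advertised_endpoints(xml_text):
    """Map each IdP entityID to the endpoint Locations it advertises per check."""
    # Assumes the metadata was signature-verified before it reaches this point.
    root = ET.fromstring(xml_text)
    # Accept either a single EntityDescriptor or an EntitiesDescriptor aggregate.
    tag = f"{{{MD}}}EntityDescriptor"
    entities = [root] if root.tag == tag else root.iter(tag)
    report = {}
    for ent in entities:
        if ent.find("md:IDPSSODescriptor", NS) is None:
            continue  # not an IdP; skip SP-only entities
        report[ent.get("entityID")] = {
            label: [e.get("Location") for e in ent.findall(path, NS)]
            for label, path in CHECKS.items()
        }
    return report

def advertisers(report, label):
    """Entity IDs that advertise at least one endpoint of the given kind."""
    return sorted(eid for eid, found in report.items() if found[label])

if __name__ == "__main__":
    print(advertisers(advertised_endpoints(SAMPLE), "artifact-resolution"))
```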


