
participants-research - Re: IdP discovery - list 'em all?

Subject: InC Research Participants

  • From: "Cantor, Scott" <>
  • To: "Basney, Jim" <>, "" <>
  • Subject: Re: IdP discovery - list 'em all?
  • Date: Thu, 1 Sep 2016 17:23:44 +0000

On 9/1/16, 12:09 PM, on behalf of "Basney, Jim" wrote:

> CILogon will soon be listing all InCommon IdPs, except those tagged
> hide-from-discovery, on our discovery interface at
> <>.
> We're also going to start whitelisting eduGAIN IdPs using the
> research-and-scholarship and sirtfi tags. Details at
> <>. I'm interested in any
> comments on our plans.

The page there says "The R&S and Sirtfi prerequisites are in place to satisfy
IGTF traceability and uniqueness requirements.", and I was curious why that
applies only to eduGAIN and not InCommon IdPs.

> I fear our requirement, from IGTF, to whitelist only eduGAIN IdPs with
> both the research-and-scholarship and sirtfi tags is sending us down the
> whitelisting path again, when we should be listing all IdPs and handling
> the errors. Maybe we should list all the eduGAIN IdPs then show an error
> page if users select an IdP that doesn't support research-and-scholarship
> and sirtfi? Maybe that's something we can do when sirtfi is more widely
> adopted.

Maybe related to my question above. I noticed the same disconnect, but it
sounds like there's a policy reason you can't let them succeed anyway, so
it's more a case of error behavior. I would agree that it seems confusing to
hide those IdPs in a way that doesn't clarify to the user what's going on.

In that vein, maybe it makes more sense, if you're going to whitelist on the
basis of an attribute on-boarding process, to still give people the chance to
select a non-boarded IdP and then simply say "not boarded, this is what's got
to happen first..."

-- Scott
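
The "list every IdP, then tell the user what is missing" behaviour discussed in this message, as an added example that is not part of the original post and not CILogon's code. The attribute names and URIs are the standard MACE-Dir/REFEDS identifiers for the tags named in the thread; the function names, the `require_tags` switch and the sample entityIDs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY = "http://macedir.org/entity-category"
SUPPORT = "http://macedir.org/entity-category-support"
ASSURANCE = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
HIDE = "http://refeds.org/category/hide-from-discovery"
RS = "http://refeds.org/category/research-and-scholarship"
SIRTFI = "https://refeds.org/sirtfi"

def entity_attrs(entity):
    """Map each entity attribute Name to the set of its values."""
    attrs = {}
    for a in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        values = {(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)}
        attrs.setdefault(a.get("Name"), set()).update(values)
    return attrs

def classify(metadata_xml, require_tags=True):
    """Return {entityID: (status, missing)}; status is 'hidden', 'ok' or 'not-boarded'."""
    result = {}
    for e in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if e.find("md:IDPSSODescriptor", NS) is None:
            continue  # SP-only entity, not relevant to IdP discovery
        attrs = entity_attrs(e)
        if HIDE in attrs.get(CATEGORY, ()):
            result[e.get("entityID")] = ("hidden", [])  # never shown in the list
            continue
        required = {"research-and-scholarship": RS in attrs.get(SUPPORT, ()),
                    "sirtfi": SIRTFI in attrs.get(ASSURANCE, ())}
        missing = [tag for tag, present in required.items() if require_tags and not present]
        result[e.get("entityID")] = ("not-boarded" if missing else "ok", missing)
    return result

# Constructed sample aggregate: placeholder entityIDs, tags given as (Name, value).
def sample_idp(entity_id, tags):
    attrs = "".join('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
                    '</saml:AttributeValue></saml:Attribute>' % t for t in tags)
    return ('<md:EntityDescriptor entityID="%s"><md:Extensions><mdattr:EntityAttributes>'
            '%s</mdattr:EntityAttributes></md:Extensions><md:IDPSSODescriptor/>'
            '</md:EntityDescriptor>' % (entity_id, attrs))

SAMPLE = "<md:EntitiesDescriptor %s>%s</md:EntitiesDescriptor>" % (
    " ".join('xmlns:%s="%s"' % kv for kv in NS.items()),
    sample_idp("https://idp.example.org/a", [(SUPPORT, RS), (ASSURANCE, SIRTFI)])
    + sample_idp("https://idp.example.org/b", [(SUPPORT, RS)])
    + sample_idp("https://idp.example.org/c", [(CATEGORY, HIDE)]))
```

A discovery page built on this would still list the `not-boarded` entries and use the `missing` list to explain what the IdP has to do first, while `require_tags=False` models a federation where only hide-from-discovery is honoured.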
