Skip to Content.
Sympa Menu

participants-research - Re: IdP discovery - list 'em all?

Subject: InC Research Participants

List archive

Re: IdP discovery - list 'em all?


Chronological Thread 
  • From: Tom Mitchell <>
  • To: "Basney, Jim" <>
  • Cc: Tom Mitchell <>, "" <>
  • Subject: Re: IdP discovery - list 'em all?
  • Date: Thu, 1 Sep 2016 13:32:21 -0400
  • Ironport-phdr: 9a23:ITXeuxcVy1hRgIoBlIQmRDrYlGMj4u6mDksu8pMizoh2WeGdxc2zYh7h7PlgxGXEQZ/co6odzbGJ4+a9AidZvN6oizMrTt9lb1c9k8IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUj22Dwd+J/z0F4jOlIz3krnqo9yAKzlP0XCXaKh0IQTy5SfQs4Ne1YloI703xwrho39MeuJRxHguKF6OyUXS/MC1qaJk9mx1uu4q98NEVe2uY6E5UbdYATAOOWozosbssE+QHkO0+nIAXzBOwVJzCA/f4US/B8+pvw==


On Sep 1, 2016, at 1:23 PM, Cantor, Scott <> wrote:

 I fear our requirement, from IGTF, to whitelist only eduGAIN IdPs with
 both the research-and-scholarship and sirtfi tags is sending us down the
 whitelisting path again, when we should be listing all IdPs and handling
 the errors. Maybe we should list all the eduGAIN IdPs then show an error
 page if users select an IdP that doesn't support research-and-scholarship
 and sirtfi? Maybe that's something we can do when sirtfi is more widely
 adopted.

Maybe related to my question above. I noticed the same disconnect, but it sounds like there's a policy reason you can't let them succeed anyway, so it's more a case of error behavior. I would agree that it seems confusing to hide those IdPs in a way that doesn't clarify to the user what's going on.

In that vein, maybe it makes more sense, if you're going to whitelist on the basis of an attribute on-boarding process, to still give people the chance to select a non-boarded IdP and then simply say "not boarded, this is what's got to happen first..."

Yes, I like this. This allows a user to recognize that their institution needs to do some work to support their research goals, and possibly causes them to request of their institution that they support these categories.

Taking the other approach, where the identity provider doesn’t show up in discovery, will probably make the user go away or use an unaffiliated identity provider for access. It does nothing to prompt the identity provider to support these categories.




Archive powered by MHonArc 2.6.19.

Top of Page