InC Research Participants

["Basney, Jim" <>]

On 9/1/16, 12:23 PM, Cantor, Scott wrote:
>The page there says "The R&S and Sirtfi prerequisites are in place to
>satisfy IGTF traceability and uniqueness requirements.", and I was
>curious why that applies only to eduGAIN and not InCommon IdPs.

My summary of the IGTF consensus is that 1) the eduGAIN agreements are
weaker than the InCommon Participation Agreement and 2) eduGAIN IdPs are
"more distant" in terms of dealing with security incidents (e.g., we might
need to involve operators of multiple federations), and (self-asserted)
R&S and Sirtfi compliance provides a compensating control for the added
risks of #1 and #2.

>Maybe related to my question above. I noticed the same disconnect, but it
>sounds like there's a policy reason you can't let them succeed anyway, so
>it's more a case of error behavior. I would agree that it seems confusing
>to hide those IdPs in a way that doesn't clarify to the user what's going
>on.
>
>In that vein, maybe it makes more sense, if you're going to whitelist on
>the basis of an attribute on-boarding process, to still give people the
>chance to select a non-boarded IdP and then simply say "not boarded, this
>is what's got to happen first..."

Yes, it seems I still need to break the IdP-whitelisting habit and instead
focus on better error handling.

Thanks,
Jim