InC Research Participants

["Wessel, Keith" <>]

I would first argue, if they don't have a business case for CILogon, why they 
care that their IDP is listed.

If the reason is that researchers who think they have a business case are 
coming to CILogon, they perhaps they do have a business case and don't know 
it.

And if they really don't, it seems like this should be handled in federated 
error handling. If you (and other SP operators) are going to spend all yoru 
time manualy blacklisting IdPs who "don't have a business case," well... 
you're going to spend all your time doing that.

Considering the number of SPs who are using centralized federation-wide 
discovery pages where blacklisting isn't an option unless the IdP wants to be 
removed from every interaction, this just doesn't make sense to me.

Keith


-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Basney, Jim
Sent: Thursday, September 15, 2016 11:58 AM
To: 

Subject: Re: IdP discovery - list 'em all?

The following exchange I just had with an InCommon IdP operator may be of 
interest to other InCommon R&S SPs:

IdPO: We don't have a business case for CILogon. Please remove our IdP from 
your list.
CILogon: Please set the hide-from-discovery attribute for your IdP to remove 
yourself from the list.
IdPO: The hide-from-discovery attribute will break things for the SPs we care 
about.
CILogon: OK, we've manually blacklisted your IdP.

Just one data point so far, but it adds a new wrinkle for our "list 'em all" 
approach.

-Jim