technical-discuss - Re: [InC-Technical] RE: AWS and InCommon

Subject: InCommon Technical Discussions

  • From: "Jokl, James A. (Jim) (jaj)" <>
  • To: "" <>
  • Subject: Re: [InC-Technical] RE: AWS and InCommon
  • Date: Wed, 5 Apr 2017 00:04:41 +0000

The Internet2 agreement for AWS is actually with DLT (an AWS reseller) and
their portal is available via InCommon as Nick notes below.

Not having a direct contract with Amazon may complicate things, but this is a
topic that we should be able to discuss on the next AWS Service advisory call
and see if we can make any progress.

Jim

On 4/3/17, 12:42 PM, Nick Roy wrote:

It appears that there are two service components at play:

1) The DLT AWS portal, which allows you to do things like spin up AWS
accounts (I don't know the specific functionality in that portal, I've
never seen it). This is in InCommon and can use eduPersonEntitlement
for access control.

2) The AWS service itself, which is not in InCommon (Scott has pointed
out one reason for this).

Internet2 is working on providing much more detailed information about
how each service in the Net+ portfolio meets various community
requirements. I've asked Net+ staff if I can share info about that with
the InCommon TAC and then start a discussion about what configuration
items need to be enumerated regarding support for InCommon in Net+
services.

Best,

Nick

On 4/2/17 11:20 AM, Cantor, Scott wrote:
>> I have to separately download metadata to the NCSA IdP from
>> https://signin.aws.amazon.com/static/saml-metadata.xml? Is Internet2
>> working with AWS to get their metadata into InCommon?
> The entityID isn't valid, so that would seem to be one dealbreaker. I
> can't imagine Amazon deferring any changes in order to propagate them via
> metadata either, which would defeat the purpose. The worst case would be
> having the metadata entered but not used properly. Manually loading it is a
> clear signal that any changes will have to be manually accommodated, which is
> likely to be the case.
>
> (OSU is federating with them also, so I did go through the process.)
>
> Incidentally, does anybody have an ECP-based wrapper around their
> proprietary use of SAML in the CLI at this point? I've told our folks that it
> seems like we'd have to support that in order to bother federating the
> console.
>
> The Shibboleth Project would I think be willing to assist in or take
> over support of such a wrapper, and if not, I'd certainly contribute.
>
> -- Scott
>





