InCommon Technical Discussions

[Scott Koranda <>]

Hi,

I would argue that everybody that thinks they want to input into the
FIM4R discussion of ECP should join the FIM4R email list and directly
contribute.

See

https://fim4r.org/

and click 'Contact'.

Thanks,

Scott K

> Nick,
> 
> Could you create something like a Google form for people to report their 
> usage?
> That might facilitate a large volume of responses.
> 
> Jacob
> 
> On Sep 7, 2017, at 5:33 PM, Nick Roy 
> <>
>  wrote:
> 
> 
>     FYI - it would be good to understand the use of ECP in InCommon.  How 
> many
>     of you use/need ECP?  It is included as a MUST for IdPs in the Kantara
>     SAMLv2.0 Implementation Profile for Federation Interoperability: 
> https://
>     kantarainitiative.github.io/SAMLprofiles/fedinterop.html  It is possible
>     that could change if few real use cases exist.
> 
>     Best,
> 
>     Nick
> 
> 
>     -------- Forwarded Message --------
>         Subject: who needs support for ECP?
>     Resent-From: 
> 
>            Date: Thu, 7 Sep 2017 20:43:53 +0200
>            From: Peter 
> <>
>              To: 
> 
>              CC: 
> 
> 
> 
> 
>     Dear FIM4R people,
> 
>     within AARC2 a very lively and sophisticated discussion has taken place
>     about the question whether SAML ECP should be mandatory or not in a SAML
>     idP software
>     conformance document.
> 
>     Although the main use case of ECP (non-web SSO) can be handled by other
>     technologies such as OAuth2/OIDC, a number of SAML based deployments
>     need ECP. The question is, how high this number is, and the idea came up
>     to ask this list, which I am doing herewith:
> 
>     Who of you think that a proper SAML IdP-Implementation should support
>     ECP and who uses it within their research infrastructure.
> 
>     To start answering the question:
> 
>     In DARIAH we have specified and implemented a Storage API that uses ECP
>     for authentication. A second version of this API also supports OAuth2,
>     thus although we would not need ECP support any more I still think that
>     a SAML document should mandate ECP so that named use cases could be
>     implemented within one technology stack such as  SAML. There might be
>     security considerations though that speak against ECP.
> 
>     So now its your turn to answer the question ;-)
> 
>     Cheers
> 
>     Peter
> 
> 
>     --
>     _______________________________________________________________________
> 
>     Peter Gietz (CEO)
>     DAASI International GmbH                   phone: +49 7071 407109-0
>     Europaplatz 3                              Fax:   +49 7071 407109-9
>     D-72072 Tübingen                           mail:  
> 
>     Germany                                    Web:   www.daasi.de
> 
>     DAASI International GmbH, Tübingen
>     Geschäftsführer Peter Gietz, Amtsgericht Stuttgart HRB 382175
> 
>     Directory Applications for Advanced Security and Information Management
>     _______________________________________________________________________
> 
> 
> 
>     To unsubscribe from this list, send email to 
> 
>  with the
>     subject: unsubscribe technical-discuss
> 

> To unsubscribe from this list, send email to 
> 
>  with the subject: unsubscribe technical-discuss