US Federations Discussion

["Ma, Ying" <>]

Hi Tom,

Thank you for your reply. It's good to know where we are. I'm aware that 
InCommon is one of the participants in REFEDS, which focuses on topics 
involved in international collaboration in research and education. 
Interfederation seems to be one of the topics. We are interested to know if 
InCommon is actively involved  in REFEDS effort, and whether there is a 
workgroup focused in this area. Any information helps.

Thanks,
Ying
______________________________________
From: Tom Scavo 
[]
Sent: Monday, May 14, 2012 3:20 PM
To: Ma, Ying
Cc: 

Subject: Re: [USFeds] suggestion on inter-federational SSO?

Hi Ying,

> We have a case where a professor at University of Southern Denmark
> (SDU) would like his students to access a Moodle application
> provided at UCLA. The Moodle application is an InCommon SP. A little
> research led me to believe that SDU is a member of Danish e-identity
> federation WAYF. WAYF is a SAML 2 federation that supports some
> eduPerson attributes including eduPersonPrincialName. I wonder if
> anyone out there knows about any possible solution of
> inter-federational SSO that might allow user from a WAYF IDP to
> access an InCommon SP.

This is a very reasonable request. However, there is no easy way to 
accomplish this. Currently there is no interfederation agreement between 
InCommon and WAYF.

> If this scenario is currently not practical,
> would bi-lateral integration (metadata exchange) with WAFY or SDU
> IdP be reasonable alternatives?

Yes, that is always a possibility. Of course all it takes is a few 
repetitions of this exercise and we're back to square one, that is, how do we 
interfederate in general.

> Any other practices that address similar use cases?

I've heard of a number of similar use cases but as of yet there is no general 
solution to this problem.

Hope this helps,

Tom Scavo
Operations Manager
InCommon.org
https://twitter.com/trscavo