US Federations Discussion

[Ann West <>]

Hi Ying,

We don't have an interfed working group per se, but are actively involved in 
interfed from the Internet2 Middleware Initiative in addition to InCommon. 
MACE-Dir, for example, provides the care and feeding of eduPerson, which is 
now used internationaly. 

InCommon does participate in REFEDS with other federation operators. 
Interfederation is being actively explored and as you know there are examples 
out there in the UK, Kalmar Union in the Nordic countries, eduGAIN in Europe, 
among others. I noticed that the Danish federation is not a member of 
eduGAIN, the most likely interfed activity.

I wonder if you can federate with them directly under an informal bi-lateral 
agreement with separate metadata for now?  

Ann

-- 
Ann West
Assistant Director,
Assurance and Community
Internet2/InCommon/Michigan Tech 

 
office: +1.906.487.1726 



----- Original Message -----
> Hi Tom,
> 
> Thank you for your reply. It's good to know where we are. I'm aware
> that InCommon is one of the participants in REFEDS, which focuses on
> topics involved in international collaboration in research and
> education. Interfederation seems to be one of the topics. We are
> interested to know if InCommon is actively involved  in REFEDS
> effort, and whether there is a workgroup focused in this area. Any
> information helps.
> 
> Thanks,
> Ying
> ______________________________________
> From: Tom Scavo 
> []
> Sent: Monday, May 14, 2012 3:20 PM
> To: Ma, Ying
> Cc: 
> 
> Subject: Re: [USFeds] suggestion on inter-federational SSO?
> 
> Hi Ying,
> 
> > We have a case where a professor at University of Southern Denmark
> > (SDU) would like his students to access a Moodle application
> > provided at UCLA. The Moodle application is an InCommon SP. A
> > little
> > research led me to believe that SDU is a member of Danish
> > e-identity
> > federation WAYF. WAYF is a SAML 2 federation that supports some
> > eduPerson attributes including eduPersonPrincialName. I wonder if
> > anyone out there knows about any possible solution of
> > inter-federational SSO that might allow user from a WAYF IDP to
> > access an InCommon SP.
> 
> This is a very reasonable request. However, there is no easy way to
> accomplish this. Currently there is no interfederation agreement
> between InCommon and WAYF.
> 
> > If this scenario is currently not practical,
> > would bi-lateral integration (metadata exchange) with WAFY or SDU
> > IdP be reasonable alternatives?
> 
> Yes, that is always a possibility. Of course all it takes is a few
> repetitions of this exercise and we're back to square one, that is,
> how do we interfederate in general.
> 
> > Any other practices that address similar use cases?
> 
> I've heard of a number of similar use cases but as of yet there is no
> general solution to this problem.
> 
> Hope this helps,
> 
> Tom Scavo
> Operations Manager
> InCommon.org
> https://twitter.com/trscavo