US Federations Discussion

[David Simonsen <>]

Hello Ying,

thanks for getting in touch and sorry about my slow response time.

On May 17, 2012, at 18:49 , Ma, Ying wrote:

Thank you all for your responses. For the immediate need to offer service
to two classes of students at SDU, bilateral integration with SDU IdP is
probably the approach to pursue.

You are more than welcome to connect your Moodle installation to WAYF.

Please have a look at http://wayf.dk/en/services/how-to-get-my-service-connected

At the bottom of the page, there is a link to the self-service module for setting up new connections. You can do this on your own, please go ahead, and don't hesitate to contact us if you run into problems.

One challenge here is the co-existance of a bilateral integration and InCommon SSO within the same SP.

This UCLA moodle SP currently provides service to multiple campuses across UC
system, and thus is an InCommon SP taking advantage of InCommon federated
SSO. We don't want to lose InCommon SSO since that covers the majority of
our users. If we create bilateral relationship with an IDP from a
different federation, it's likely that we need to provide a separate login
link for users from that specific IDP.

This is more of a usability concern - but a very valid one!

Technically it should not be a problem with some work done at SP, but it doesn't feel like an elegant
solution, as we are anticipating more overseas demand. I wonder if other
campuses are doing anything different to address similar situations?

Technically you may point directly at SDU, see http://wayf.dk/en/component/content/article/412

This is due to the different nature of WAYF.dk's architecture - and allows SP's like yours to point at individual IdPs.

It's great to have a contact point from WAYF. Also good to know there are
campuses in US joining foreign federations. We are interested in exploring
the case where one SP integrates with two federations across countries.
Most of the issues probably reside on the policy side (privacy concerns,
differences of government legislations, etc) rather than the technical
side, as noted by Steven.

Yes, I agree with both you and Steven.

We want to get some idea of what it takes to
become a member of foreign federation, or leverage eduGain interfed
effort, as mentioned by Ann. This is more of a long term thinking rather
than address immediate request. Any comment that you have to share is much
appreciated!

One possible answer could be: 

The interfederation effort www.kalmar2.org is already in production and has been for 2,5 years now.

If you connect to WAYF.dk, we can flag you as also being a Kalmar-SP.

Then your SP will appear in the inter-federation metadata, and thus be available in the other Nordic countries (you must also consume Kalmar2-metadata, to keep the list of Kalmar-IdPs. The metadata can be found at https://www.kalmar2.org/kalmar2web/tech_info.html 

Looking very much forward to coorporating with you,

Best

David

David Simonsen

Executive manager

Phone: +45 31216152

H. C. Andersens Boulevard 2

DK-1553 Copenhagen V

http://blog.wayf.dk

skype: david_simonsen

I

Thanks,
Ying Ma
Information Management,
IT Services, UCLA

(310)2064978


On 5/16/12 10:30 AM, "Steven Carmody" <> wrote:

On 5/15/12 2:26 PM, Ma, Ying wrote:

Thank you for your reply. It's good to know where we are. I'm aware

that InCommon is one of the participants in REFEDS, which focuses on

topics involved in international collaboration in research and

education. Interfederation seems to be one of the topics. We are

interested to know if InCommon is actively involved  in REFEDS

effort, and whether there is a workgroup focused in this area. Any

information helps.

As noted by Ann, there are already a number of situations like the one

you describe where the two schools have created a bilateral

relationship, rather than waiting for inter-federation to arrive. This

would be not much different from creating a bilateral relationship with

a cloud-based service provider who is not an IC member. (There have also

been a few cases where campuses have become members of a foreign

Federation... but let's not go there.)

I've CC'ed David Simonsen who is heavily involved with the WAYF

Federation in Denmark, and who would be your contact point if you wanted

to pursue a bilateral relationship.

The other issue if this moves forward is that an EU-based IDP would be

sending PII attributes to an SP located outside the EU. Using an

EU-resident IDP immediately means that both parties have to worry about

the EU Privacy Directive. But, if UCLA can assert that your moodle SP is

operated in compliance with a set of EU-prescribed requirements then

that would go a long way toward convincing the WAYF IDP that it is safe

to send attributes to your SP.