[Tf-aai] Filtering suspicious IdPs in CLARIN SPF
Jozef Misutka
misutka at ufal.mff.cuni.cz
Tue Apr 18 12:29:16 CEST 2017
Hi Andre,

(cc-ing tf-aai@ too for comments)

We should have a more formal and public way to blacklist IdPs from
CLARIN SPF. We have the tools, so we really need only minor changes and
better documentation. In reality, this will be very rare but should be
documented nevertheless.

The flow is like this:

1. User authenticates to one of CLARIN SPF SPs
   a) we have information about the IdP in
      https://lindat.mff.cuni.cz/services/aaggreg/ so we can check if it looks
      suspicious or not;
   b) different web applications inform about new users (e.g.,
      clarin-dspace sends an email) so we can even check if the attributes seem
      ok.
   ACTION POINT (optional): email new IdPs from attribute aggregator

2. In 1a) or 1b) someone finds a suspicious IdP and CLARIN SPF should be
   notified about it
   QUESTION: what is the best/preferred way to notify CLARIN SPF - trac?
   email?

3. CLARIN evaluates if that IdP is really problematic or not
   ACTION POINT: define a problematic/non-problematic IdP, e.g., a problematic
   IdP is one that does not validate its users more than by sending emails
   ACTION POINT: make this definition public (will be decided what is the
   best way [1])

4. SPF will add this IdP into the filters
   QUESTION: is filtering (blacklisting) of IdPs in CLARIN SPF happening
   before they are published to
   https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml and if so then where?
   ACTION POINT: make filtered IdPs public (will be decided what is the best
   way [1])

To all, please feel free to comment, share practices etc. At LINDAT, we
have the following page
https://lindat.mff.cuni.cz/en/how-do-i-sign-up (see section Supported
Organisations)

Best,
Jozef

[1] It is still on my todo list to prepare a short CLARIN AAI requirements
document where we could add it and publish that document.
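
Step 4 of the flow above, sketched as an added example (not part of the original message and not CLARIN's actual tooling): removing blocklisted IdPs from a SAML metadata aggregate before publication, while keeping a publishable record of what was filtered and why. The entityIDs, the blocklist and the function name filter_idps are assumptions, and the sample metadata is constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD)
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample aggregate; the entityIDs are made up, not CLARIN SPF data.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" Name="constructed-sample">
  <md:EntityDescriptor entityID="https://idp.university.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://open-signup.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://open-signup.example/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Hypothetical blocklist: entityID -> reason recorded at evaluation (step 3).
BLOCKLIST = {"https://open-signup.example/idp": "users validated by email only"}


def filter_idps(xml_text, blocklist):
    """Return (filtered_xml, removed) for a SAML metadata aggregate.

    Only entities that carry an IDPSSODescriptor are candidates, so an SP
    sharing a hostname with a blocked IdP is left untouched. entityIDs are
    matched as exact strings.
    """
    root = ET.fromstring(xml_text)
    removed = []
    # Walk every EntitiesDescriptor so nested groups are covered as well.
    for parent in list(root.iter(f"{{{MD}}}EntitiesDescriptor")):
        for ent in list(parent.findall(f"{{{MD}}}EntityDescriptor")):
            eid = ent.get("entityID")
            is_idp = ent.find(f"{{{MD}}}IDPSSODescriptor") is not None
            if is_idp and eid in blocklist:
                parent.remove(ent)
                removed.append({"entityID": eid, "reason": blocklist[eid]})
    # Removing entities invalidates any XML signature over the aggregate,
    # so the filtered feed has to be re-signed before it is published.
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    _, removed = filter_idps(SAMPLE, BLOCKLIST)
    for entry in removed:  # the list that could be made public
        print(f"filtered {entry['entityID']}: {entry['reason']}")
```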