[Tf-aai] CLARIN-B centre checklist update

Mitchell Seaton seaton at hum.ku.dk
Mon Nov 6 16:27:51 CET 2017 

Dear all,

I am in agreement that it could be retained in AAI recommendations, but 
not as a requirement, for approaches to testing/evaluation of AAI 
(Shibboleth) and CLARIN B-centres.

Reasons not to remove include: * it did help provide a single simple 
implementation to allow evaluation of SP and IdP attribute release.

What is the current evaluation of IdPs in regards to the use of SAML 
RequestedAttribute (isRequired=true)? There was an old report (2013) 
regarding attribute release.

Guidelines do exist already 
(https://www.clarin.eu/content/guidelines-saml-metadata-about-your-sp) 
together with check SAML metadata script, but maybe there should be a 
link in the Checklist document on 5.1 to 
https://www.clarin.eu/content/creating-and-testing-shibboleth-sp? I 
found the Attribute consumption part could be unclear or easily missed 
in the B-centre process, and to consider the attributes your service 
requires when evaluating the SP.

Having an ability to test for any AAI issues or attribute release is a 
good thing.

However I do agree with the *not* arguments (per Martin, Jozef). :)

Regards,
Mitchell Seaton

On 11/03/2017 03:00 PM, Martin Matthiesen wrote:
> Hello Jozef,
>
> I do find the script very useful at times, for example when debugging LBR/REMS connectivity issues. But I agree that aaggreg is as useful to check connectivity. I guess the underlying point is to make sure that AAI works for the service in question. This can be checked by simply login and performing a defined action (say accessing a CLARIN ACA secured corpus). My vote goes to removing the script as a requirement but keeping it as a strong recommendation.
>
> Martin
>
> ----- Original Message -----
>> From: "Jozef Mišutka"<misutka at ufal.mff.cuni.cz>
>> To: "tf-aai"<tf-aai at lists.clarin.eu>
>> Sent: Friday, 3 November, 2017 12:46:45
>> Subject: [Tf-aai] CLARIN-B centre checklist update
>> Dear all,
>> the assessment committee would like to remove the following requirement
>> 5.2 Install the attribute debug script ( [http://shib_test.pl/  | shib_test.pl ]
>> ) at your Service Provider server: [https://www.clarin.eu/page/3537  |
>> https://www.clarin.eu/page/3537  ]
>> from the Checklist for CLARIN B Centres ( [http://hdl.handle.net/11372/DOC-78  |
>> http://hdl.handle.net/11372/DOC-78  ] ).
>> I would like to hear any reasons why *not* to do it.
>> Here is a list why to do it:
>> - it is perl based and having perl scripting allowed on production server only
>> because of this is too much;
>> - this is hardly of any use to the person doing the assessment;
>> - from my personal experience, it has not helped me much lately and in
>> Shibboleth you can get some session information in ( [
>> https://lindat.mff.cuni.cz/Shibboleth.sso/Session  |
>> https://lindat.mff.cuni.cz/Shibboleth.sso/Session  ] );
>> - (lastly, better is to integrate [https://lindat.mff.cuni.cz/services/aaggreg/
>> |https://lindat.mff.cuni.cz/services/aaggreg/  ] )
>> Best,
>> Jozef
>> [Plain textfile:ATT00001]
> _______________________________________________
> Tf-aai mailing list
> Tf-aai at lists.clarin.eu
> https://lists.clarin.eu/cgi-bin/mailman/listinfo/tf-aai

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20171106/e632a4a8/attachment.htm>

More information about the Tf-aai mailing list