[Tf-aai] CLARIN-B centre checklist update
Mitchell Seaton
seaton at hum.ku.dk
Mon Nov 6 16:27:51 CET 2017
Dear all,
I am in agreement that it could be retained in AAI recommendations, but
not as a requirement, for approaches to testing/evaluation of AAI
(Shibboleth) and CLARIN B-centres.
Reasons not to remove include: * it did help provide a single simple
implementation to allow evaluation of SP and IdP attribute release.
What is the current evaluation of IdPs in regards to the use of SAML
RequestedAttribute (isRequired=true)? There was an old report (2013)
regarding attribute release.
Guidelines do exist already
(https://www.clarin.eu/content/guidelines-saml-metadata-about-your-sp)
together with check SAML metadata script, but maybe there should be a
link in the Checklist document on 5.1 to
https://www.clarin.eu/content/creating-and-testing-shibboleth-sp? I
found the Attribute consumption part could be unclear or easily missed
in the B-centre process, and to consider the attributes your service
requires when evaluating the SP.
Having an ability to test for any AAI issues or attribute release is a
good thing.
However I do agree with the *not* arguments (per Martin, Jozef). :)
Regards,
Mitchell Seaton
On 11/03/2017 03:00 PM, Martin Matthiesen wrote:
> Hello Jozef,
>
> I do find the script very useful at times, for example when debugging LBR/REMS connectivity issues. But I agree that aaggreg is as useful to check connectivity. I guess the underlying point is to make sure that AAI works for the service in question. This can be checked by simply login and performing a defined action (say accessing a CLARIN ACA secured corpus). My vote goes to removing the script as a requirement but keeping it as a strong recommendation.
>
> Martin
>
> ----- Original Message -----
>> From: "Jozef Mišutka"<misutka at ufal.mff.cuni.cz>
>> To: "tf-aai"<tf-aai at lists.clarin.eu>
>> Sent: Friday, 3 November, 2017 12:46:45
>> Subject: [Tf-aai] CLARIN-B centre checklist update
>> Dear all,
>> the assessment committee would like to remove the following requirement
>> 5.2 Install the attribute debug script ( [http://shib_test.pl/ | shib_test.pl ]
>> ) at your Service Provider server: [https://www.clarin.eu/page/3537 |
>> https://www.clarin.eu/page/3537 ]
>> from the Checklist for CLARIN B Centres ( [http://hdl.handle.net/11372/DOC-78 |
>> http://hdl.handle.net/11372/DOC-78 ] ).
>> I would like to hear any reasons why *not* to do it.
>> Here is a list why to do it:
>> - it is perl based and having perl scripting allowed on production server only
>> because of this is too much;
>> - this is hardly of any use to the person doing the assessment;
>> - from my personal experience, it has not helped me much lately and in
>> Shibboleth you can get some session information in ( [
>> https://lindat.mff.cuni.cz/Shibboleth.sso/Session |
>> https://lindat.mff.cuni.cz/Shibboleth.sso/Session ] );
>> - (lastly, better is to integrate [https://lindat.mff.cuni.cz/services/aaggreg/
>> |https://lindat.mff.cuni.cz/services/aaggreg/ ] )
>> Best,
>> Jozef
>> [Plain textfile:ATT00001]
> _______________________________________________
> Tf-aai mailing list
> Tf-aai at lists.clarin.eu
> https://lists.clarin.eu/cgi-bin/mailman/listinfo/tf-aai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20171106/e632a4a8/attachment.htm>
More information about the Tf-aai
mailing list