[Tf-aai] SAML Attribute Authorities in the CLARIN SPF feed - what to do?
André Moreira
andre at clarin.eu
Mon Oct 14 12:01:13 CEST 2019
Dear all,
I am trying to decide what should we do with the SAML Attribute Authorities which we currently bundle (silently) in the CLARIN SPF IdPs feed [1]. This happens because some IdPs e.g. Charles University entityID="https://cas.cuni.cz/idp/shibboleth” bundle together an IdP (IDPSSODescriptor) and an AA (AttributeAuthorityDescriptor).
I think the current situation is not ideal and I would like to move to one of two options:
1. Move all the AAs we currently have (1211 [2]) to their own separate AA feed.
2. Remove them.
This applies to both our traditional CLARIN SPF feed [1] as well as our new CLARIN eduGAIN feed [3].
Before doing anything and because I never really heard much about AAs in practice being used by our SPs, I would like to hear your opinions:
- Does your SP configuration somehow relies on the AAs we bundle in our IdPs feed?
- In your view, would this change have any foreseeable impact in the CLARIN SPF?
- Are you aware of any use case involving an AA?
Best regards,
André
[1] - https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml
[2] - https://saml.clarin.eu/
[3] - https://infra.clarin.eu/aai/prod_md_about_edugain_idps.xml
----
André Moreira
CLARIN ERIC
https://www.clarin.eu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20191014/40426c10/attachment.sig>
More information about the Tf-aai
mailing list