Refeds


Subject Re: draft charge, refeds working group on attribute release
From David Simonsen <david@xxxxxxx>
Date Thu, 30 Jun 2011 18:11:54 +0200

On Jun 30, 2011, at 12:36 PM, Josh Howlett wrote:
>> I'm not a huge fan of federations playing a defining role rather than an advising role for attribute release
> 
> Unfortunately, as far as I can tell, this is increasingly the expectation
> of service providers, particularly within the entire e-Science community.

Why is this unfortunate? We help people dealing with stuff that they only see as complicated, time consuming, cumbersome etc. etc. 
IMHO there is a real need/market for fedops - but many of you seem to try to persuade us that it would be better if the SP/IdPs figure out themselves what they find really hard to do, and only very rarely get right on their own ...

> Their expectation is that it is the *federation* that provides them with attributes or LoAs or whatever - not IdPs.

Not least because they will never manage to talk to IdPs directly - it's hard enough to connect a single service to multiple federations! (Hence REFEDs ;) Of course it will not be the federation itself that provides the attributes - but the federation policy may help normalizing what can reasonably be expected (min. 12 attributes per IdP in AU, min. 11 in DK etc.).

> Service providers want a one-stop shop for identity and if federations don't supply it, Facebook will.

Agree. See also: http://www.computerweekly.com/Articles/2011/06/13/246951/Multiple-claims-based-ID-assurance-services-on-the-horizon-says-OCSIA39s-Nigel.htm

> I don't know whether it's causal or not, but I've observed that those
> federations that do take a defining role (eg. SWITCHaai) tend to have a higher SP/IdP ratio.

Would it be strange if more SPs connect to federations that help take away complexity? I believe it's causal ...

/David