Subject Re: [eduGAIN-discuss] mari plan & next steps
From Peter Schober <peter.schober@xxxxxxxxxxxx>
Date Wed, 29 Oct 2014 18:29:09 +0100

* Jaime Pérez Crespo <jaime.perez@xxxxxxxxxx> [2014-10-29 18:21]:
> On 29 Oct 2014, at 17:39 pm, Peter Schober <peter.schober@xxxxxxxxxxxx> wrote:
> > * Leif Johansson <leifj@xxxxxxxx> [2014-10-29 17:34]:
> >> If R&S specifies releasing eduPersonScopedAffiliation and FEIDE doesn't
> >> have that attribute, how will including it in a bundle help FEIDE?
> > 
> > That's probably my point: It won't help FEIDE per se, it would force
> > FEIDE to align its practices with the spec IFF they wanted to be able
> > to apply to (SPs) or support (IDPs) REFEDS R&S.
> And that’s an entirely different problem. First of all I should say
> that the problem is not that Feide doesn’t have
> eduPersonScopedAffiliation. We do indeed. Nor is it that we don’t
> want to release it. We’re glad to do it. The problem is that most of
> our institutions don’t have that attribute in their directories, so
> it’s not that we don’t have it or we don’t want to release it, but:
> most users don’t have such information.

That's the basic "full mesh" federation scenario, then. Business as
usual, for most of us here.

> That given, how exactly would that force Feide to align its
> practices with the spec? It reminds me of a different discussion I
> had last week regarding the CoCo. You could say Feide willingly
> aligns with the spec, but since Feide is not the holder of the
> attributes… If we are “forced” to align, what does that mean? Should
> we go to each and every institution out there and threaten them to
> kick them out of Feide if they don’t include
> eduPersonScopedAffiliation and schacHomeOrganization for all their
> users? Should we do that then even for those users/institutions
> where sHO, for instance, doesn’t have any semantics and cannot
> actually have any value?

I regretted having typed "force" immediately when hitting send. It
should have been "motivate" (you get to play with REFEDS R&S only if
you comply).  And clearly this now is not about FEIDE qua "central
IDP" doing anything, it's about FEIDE as federation operator documenting
and encouraging behaviour at institutions to help them interoperate
with the outside world. Same as we "full mesh" types all do.

Whether institutions connect LDAP servers to a central FEIDE IDP, or
connect LDAP server to their own IDP is immaterial here: You're in the
same boat as all "full mesh" federations.
So how come it should be more difficult for you (compared to most
others) to get your institutions configured properly? That's the part
I fail to get.