Refeds


Subject Re: VO challenges - article
From Nick Roy <nroy@xxxxxxxxxxxxx>
Date Thu, 22 Oct 2015 18:58:32 +0000

Thanks.  I'll try to let folks know how it went over ;-)



On 10/22/15, 12:27 PM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx> wrote:

>No problem, go ahead
>
>David
>
>On 22/10/2015 16:54, Nick Roy wrote:
>> I would LOVE to put this snippet of email on a slide and show it to CIOs at Global Summit in the spring.  It is the most useful, concrete articulation I have yet seen of the dire problem we have with attribute non-release.
>> 
>> The message I want to try to send is: Release at least R&S - EVERYONE DO THIS NOW.  Go home, tell your IdPOs to do this.  Talk to your registrars.  Don't let them say no.  Don't even open the door for that.  This is directory data.  Tell your IdPOs to configure a persistent nameID and release that to everyone.  Ask your IAM architect if you have something you can easily configure as ePUID.  If you have that, release it too.
>> 
>> Are the folks in the conversation comfortable with me doing that?
>> 
>> 
>> Thanks,
>> 
>> Nick
>> 
>> On 10/22/15, 8:36 AM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx> wrote:
>> 
>>>
>>>
>>> On 22/10/2015 15:17, Cantor, Scott wrote:
>>>> On 10/22/15, 6:57 AM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx>
>>>> wrote:
>>>>
>>>>> But isn't this a protocol issue? The SP can demand this in the
>>>>> request can't it? (certainly in our Shib implementation we can ask
>>>>> for either persistent or transient and both work)
>>>>
>>>> I can demand a pony, that doesn't mean I'll get one.
>>>
>>> But really we are not asking for a pony, only an ant (since PIDs are as
>>> common as them)
>>>
>>>>
>>>> My own opinion is that once you give up on using federation for
>>>> authorization data, it's inevitable that authentication will follow.
>>>
>>> With the evolution of FIDO this may well be the case.
>>> But the value of SSO with a PID is still worth a lot to end users and
>>> SPs, at the cost of next to nothing for IdPs.
>>>
>>>>
>>>> If the IdPs don't want to be in the business of helping with access
>>>> management for the applications using their service, then they won't
>>>> have a service to worry about within a short span of time.
>>>
>>> Sadly most likely to be true
>>>
>>> David
>>>
>>>>
>>>> -- Scott
>>>>