Note: this page needs to be updated (2014-08-13)
As much information as possible should be kept at http://www.clarin.eu/spf
However there might be some details to store here.
Requirements for a "home for the homeless" IdP: ServiceProviderFederation/Homeless
Towards an easy-to-use central Discovery Service: ServiceProviderFederation/Discovery
High availability setup of CLARIN IdP and disco service: AnyCast
Feedback on eduGAIN code of conduct: ServiceProviderFederation/EduGain
Information about including logos for the IdPs: recommendations and a related standardization discussion
SP technical contacts
See http://infra.clarin.eu/aai/md_about_spf_sps.xml
Changing the SAML metadata about SPF SPs
- Commit the changes to source:aai/clarin-sp-metadata.xml in the CLARIN SVN repository
- Make sure to check the XSD validity of the file! Be prepared to put 5 EUR in the CLARIN developers tipping box if you commit a non-valid file.
- Every hour a cron job automatically checks out the latest version at http://infra.clarin.eu/aai/clarin-sp-metadata.xml
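A structural pre-check that can be run on the file before committing, as an added example that is not part of the CLARIN tooling. It does not replace validation against the SAML metadata XSD; it tests well-formedness, a few attributes the schema requires on SP entries, plus duplicate entityIDs and non-https endpoints, which the schema does not catch. The function name, the sample document and its hosts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
# Constructed sample, not the real clarin-sp-metadata.xml; the hosts are made up.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="https://sp-good.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="1" Location="https://sp-good.example.org/SAML2/POST"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp-bad.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService Location="http://sp-bad.example.org/SAML2/POST"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def check_sp_metadata(xml_text):
    """Return a list of problems; an empty list means the pre-check passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    entities = list(root.iter(f"{{{MD}}}EntityDescriptor"))  # includes root itself
    problems = [] if entities else ["no md:EntityDescriptor found"]
    seen = set()
    for ent in entities:
        eid = ent.get("entityID")
        if not eid or eid in seen:
            problems.append(f"{eid}: entityID missing or duplicated")
        seen.add(eid)
        sp = ent.find("md:SPSSODescriptor", NS)
        endpoints = [] if sp is None else sp.findall("md:AssertionConsumerService", NS)
        if sp is None or not sp.get("protocolSupportEnumeration"):
            problems.append(f"{eid}: SPSSODescriptor or protocolSupportEnumeration missing")
        elif not endpoints:
            problems.append(f"{eid}: no AssertionConsumerService")
        for acs in endpoints:
            missing = [a for a in ("Binding", "Location", "index") if not acs.get(a)]
            if missing:
                problems.append(f"{eid}: ACS lacks {', '.join(missing)}")
            if not acs.get("Location", "").startswith("https://"):  # policy, not XSD
                problems.append(f"{eid}: ACS Location is not https")
    return problems

print("\n".join(check_sp_metadata(SAMPLE)) or "OK")
```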
How to add SAML metadata about the CLARIN IdP to your SP configuration
Information per Identity Federation
(source: https://refeds.terena.org/index.php/Federations)
Haka (Finland)
cn, sn, displayName, eduPersonPrincipalName, schacHomeOrganization, schacHomeOrganizationType
The major unique identifier: Currently, ePPN is the predominant unique ID.
The federation operator has published instructions on the use of ePTID but hasn't strongly insisted on its use.
Adding an SP: ServiceProviderFederation/Haka
DFN-AAI
Attributes
sn, email, ePPN, ePSA, ePEntitlement, ePTID
What is the predominant unique identifier for end users?
- eduPersonPrincipalName (ePPN)
- eduPersonTargetedID (ePTID) / SAML2 PersistentID
Is there a policy for what should be used as the unique ID? No.
Software at the IdPs?
But I think most of the IdPs in the DFN-AAI have been updated since the security advisory of July 25th, 2011. So, hopefully, most of the 95 IdPs in the DFN-AAI production federation(s) should be 2.3.2 or higher. There are 6 Shibboleth 1.3 / SAML 1.1 IdPs and AFAIK(!) only one case of SimpleSAMLphp IdP (but some more in the test federation).
SURFconext
Mandatory attributes: No mandatory attributes
The major unique identifier:
The predominant unique identifier for end users is eduPersonPrincipalName (ePPN). There is no formal policy for what should be used as the unique ID.
UK federation
See section 7 of http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf for the recommended attributes in the UK.
Attributes
The minimal set of required attributes:
The ideal set of attributes:
- cn (common name)
- o (organizationName) or schacHomeOrganization
CLARIN SP requirements
Component Registry
- strictly required: ePPN
- nice to have: displayName, cn (common name)
Virtual Collection Registry
- strictly required: eduPersonTargetedID (could also be configured to work with ePPN)
- nice to have: cn, displayName
WebLicht
- strictly required: (no attributes - as not all IdPs are releasing anything useful)
- nice to have:
TQE (CLARIN-NL, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6)
- strictly required: (no attributes)
- nice to have: (no attributes)
Adelheid anntool (CLARIN-NL, http://hdl.handle.net/1839/00-SERV-0000-0000-0005-6)
- strictly required:
- nice to have: