Notes from the AAI Taskfoce Meeting at the virtual Center Meeting
Time: 10.6.2021 14-15:45 CEST Present (from memory): Martin Matthiesen, Dieter van Uytvanck, Willem Elbers, André Moireira, Jozef Mišutka, ?
Topics
AAI Proxy
Willem presented the idea to introduce an AAI proxy similar to Elixir.
Benefits:
- Once accepted by a Federation CLARIN can give SPs more assurances that connect will work and even provide missing IdP attributes.
- OIDC/OAuth2 -bridging is possible
- Much easier administration than present SPF, especially on CLARIN ERIC side
Issues:
- Self-reported attributes (e.g. mail) must be visible as such to SPs
- SPs using targetedID, or any other approach using (IDP,SP) specific information, cannot identify returning users (some workaround for this will be needed)
- Jozef: At the moment, I would highlight this as a show stopper to Clarin IdP revolution (mandatory moving to hub&spoke for all SPs) but not a showstopper to potential Clarin IdP evolution (mandatory for new SPs).
And it is not only about targetedID but can be also for idp+eppn and probably other combinations.
- Jozef: At the moment, I would highlight this as a show stopper to Clarin IdP revolution (mandatory moving to hub&spoke for all SPs) but not a showstopper to potential Clarin IdP evolution (mandatory for new SPs).
- Single point of failure
- Proxies proxying to proxies might confuse users.
The idea was received positively, if the issues mentioned can be addressed/mitigated.
Lindat's Attribute Aggregator
The "AAGREG" was introduced a few years ago, uptake is low. It is seen as a useful tool and we agreed to promote uptake in the next SCCTC.
SP-specific discovery services
There is a need for SP-specific discovery service feeds, CLARIN is aware of the issue and more information is to follow.
API Security
A brief overview of API tokens and their usage was presented.
Attachments (1)
- Centre Meeting 2021 - AAI - Tokens.pdf (213.2 KB) - added by 3 years ago.
Download all attachments as: .zip
