Versions Compared

Old Version 6

changes.mady.by.user Mehdi Hached

Saved on

compared with

New Version 7

changes.mady.by.user Ioannis Kakavas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Remark: Other feedbacks from the academic federations running categories for a significant time would be enlightening.

 

The Greek Federation experience (GR)

The Greek Federation, operated by GRNET has introduced Entity Groups in the published metadata, utilizing multiple EntitiesDescriptor elements. The groups match SPs with different trust levels in the federation ( GRNET's own Services SPs, Microsoft services for higher educational institutes, others ) but are not formally defined. Since GRNET operates the majority of the IdPs of the Universities participating in the federation, respective attribute release policies have been deployed in the Identity Providers, utilizing AttributeRequesterInEntityGroup type rules for matching the SP and releasing the necessary attributes.

As this set up is neither optimal nor well maintainable, the Greek federation is in the process of introducing a number of national Entity Categories (both for SPs and IdPs) in the federation. The main drivers for the change are:

  • Simplicity in the federation metadata aggregation and publication
  • Formal definition of Trust Levels
  • Enhanced granularity
  • The introduction of new Identity Providers ( Hospitals ) in the federation that have stricter requirements for attribute release. 

The work is ongoing and the preliminary plan is to introduce the Entity Categories in 2016. No decision has been made yet as to whether eduGAIN defined Entity Categories ( GÉANT CoCo , R&S ) will be used. 

The attributes values issue

...