...
- Should the test IdP feature national federation attributes and entity categories as part of the testing, given that one cannot join eduGAIN without joining a national federation first? Would that also require 'federation policy' to be implemented on a per federation basis?
→ this would be very difficult to maintain centrally, in addition such attributes and entity categories would not be available via other national federations and hence of no value to the SP (in the context of eduGAIN) - What if a national fed metadata requirements exceed eduGAIN metadata requirements?
→ Given that a national fed should already be able to consume eduGAIN metadata (or it would not be able to be make use of eduGAIN at all), may we assume the eduGAIN metadata requirements are the lowest common denominator we will support for SP metadata - What if a national fed does not support preferred eduGAIN metadata elements like e.g. SIRTFI or R&S?
→ If this national fed is the only option for the SP to get into eduGAIN, the test IdP cannot resolve this anyway, so we declare this problem out of scope. - If the test IdP is part of eduGAIN, to what level should it provide protection against unintended use?
→ The current proposal is to only engage with SPs that have explicitly registered their SP with the test IdP and to retire that connection after a given time ( e.g. 1 month)
Conclusion
From feedback received at the public Sprint demo the consensus opinion was the Test IdP should not be a part of eduGAIN, particularly due to the possible security risks. So at this point we have decided not to consider it within eduGAIN and leave any decision about whether to include it and the necessary requirements to do this to the eduGAIN steering committee.