...

Given the above, there is no need for IdPs in SURFconext to add Sirtfi information to their metadata themselves if they only interface with SURFconext. If an IdP does so regardless, we should probably check with them what the expectations are and how to handle this: is it only for other connections this IdP has, or do they want to override SURFconext's info for some reason?

Sirtfi for SPs

For "incoming" SPs that our IdPs use via eduGAIN we can look up the relevant Sirtfi information in eduGAIN metadata when we need it. It will be made available through the SURFconext Dashboard to IdP administrators in the future. It does not currently seem opportune for us to reject SPs without Sirtfi.

"Outgoing" SPs that SURFnet publishes (in eduGAIN) should be handled individually. A commercial SP like Edugroepen should probably list its own direct contact information and check compliance with the framework. SPs that are run by SURFnet itself may similarly decide on what the most appropriate contact point is. We can republish such information from the SP's metadata feed.

Implementation

  •  Discuss within SURFconext team
  •  Discuss with SURFcert
  •  Discuss with key users
  •  Make some basic documentation on SURFcert wikiwespje
  •  Publish contact info and assertions for IdPs; inform IdPs about Sirtfi
  •  Inform SPs and ask them to provide Sirtfi information in their metadata fields; republish if present
  •  Change serviceregistry to accept incoming Sirtfi information.

...