+31(0)20 5304488
contact@refeds.org
REFEDS

Menu

Skip to content
  • Home
  • Blog
  • Wiki
  • Meetings
    • All Meetings
    • Community Chats
  • Sponsor
  • Federations
    • Federations
    • Federations Map
  • Our Work
    • Workplan
    • Tools
    • Documents
    • White Papers
    • Resolutions
  • Specifications
  • About
    • About REFEDS
    • Participant’s Agreement
    • Strategic Plan

Distributing metadata around eduGAIN – the real picture

REFEDS > Blog > Uncategorized > Distributing metadata around eduGAIN – the real picture
31 May, 2017Uncategorizededugain, federation, metadataRhys Smith

Prologue

When running a federation, there are multiple ways in which federations can publish their local entities into eduGAIN (i.e. “upstream”), and in which eduGAIN metadata can be published to a federation’s local entities (i.e. “downstream”).

Why is this important? Well, the choice made in how to do these two things has major consequences on the entities and about how much work they have to do to be globally interoperable – and consequently, how much pain this can cause actual end users!

The Accepted Picture

GÉANT has categorised each of the eduGAIN federations approaches to both upstream and downstream (data available here), presented from a federation operator point of view, and this has been presented at multiple events. Let’s take a look…

Upstream

There are 4 different ways of pushing local metadata into eduGAIN by a federation operator:

  • Full opt-in – no entities are pushed to eduGAIN without the specific request from an entity to do so.
  • IdP opt-in, SP opt-out – no IdP entities are pushed to eduGAIN without the specific request from an entity to do so; SP entities are all automatically  pushed to eduGAIN unless the entity requests otherwise.
  • IdP opt-out, SP opt-in – IdP entities are all automatically pushed to eduGAIN unless the entity requests otherwise; no SP entities are pushed to eduGAIN without the specific request from an entity to do so.
  • Full opt-out – all entities are pushed to eduGAIN unless the entity requests otherwise.

So, let’s have a look at how federation operators do this:

The results are pretty clear – full opt-in is the choice that most federation operators have made, and the other choices are very much in the minority.

 Downstream

Downstream – how a federation’s entities actually consume eduGAIN metadata, is a rather more complex picture:

There are 12 different methods documented, and there is no clear preferred approach. So, whether an entity actually consumes metadata for eduGAIN entities is entirely an unknown factor.

Conclusions

The data above suggests that the majority of entities are not exported into eduGAIN unless they specifically ask for it, and whether those entities can also consume metadata from eduGAIN is anyone’s guess.. Upstream opt-in must be the best solution, since that’s what most federations have adopted, and downstream distribution is something that everyone can decide for themselves.

Wrong.

My supposition is that this is entirely the wrong way to look a this problem.  What’s most important is how many entities around the world are exposed to the different approaches, instead of how many federations choose a particular approach. This whole problem centres on how entities can interact with each other, globally, in an inter-federated environment. So let’s look again, from their point of view.

The ACTUAL picture

To look at things from the point of view of the amount of entities that each approach is exposed to, we need to normalise the figures based on the amount of entities in each federation. Why is this important? Well, the distribution of number of entities that each federation publishes into eduGAIN differs wildly:

So, assuming every federation is equal when drawing these conclusions is flawed. Taking the entity count into account, what does the picture look like now?

Upstream

Compared to the original data, we can see that the picture is now somewhat more nuanced that before (where “full opt-in” was the clear choice). This means that from an entity perspective, most entities are part of federations that do with full opt-out or IdP out-out, SP opt-in.

So, for IdPs, the most common approach is for full opt-out – meaning actual end users globally are most likely to have their IdP automatically exported into eduGAIN.

For SPs, the picture is somewhat murkier – 45% will be subject to opt-out and 55% opt-in.

Downstream

Looking at the data for downstream publication – how entities consume eduGAIN metadata, the picture is in fact a lot clearer than before (where there was no clear choice):

Now it can be seen that the clear majority of entities consume eduGAIN metadata by the simple process of that metadata being included in the entity’s home federation’s main metadata feed. The implications of this are that the majority of entities automatically consume eduGAIN metadata without having to do anything to enable it.

Actual Conclusions

Having looked at the data on different approaches to downstream and upstream publishing of eduGAIN metadata from the point of view of the entities, rather than the federations, we can draw the following conclusions:

  • The majority of IdPs in the world are subject to opt-out, so are published automatically to the rest of the world
  • For SPs, roughly half will be automatically made available globally while half will be kept local only.
  • The majority of entities globally automatically consume eduGAIN metadata without having to specifically add configuration to do so.

And some personal observations

And to those conclusions, I’ll add a personal observation as a federation operator. We are in the business of attempting to enable seamless global interoperation between our customers/members, and the only way to enable that is to make the process as simple as possible for them. The way to do that is clear:

  • All IdP entities should be opt-out (i.e. all IdPs should be published globally unless there’s a specific reason/request not to do that).
  • Federations with a large amount of services with a global customer base should enact opt-out for their SPs (i.e. automatically make them globally available). Federations with services that are only of interest locally may wish to do opt-in with no real affect on eduGAIN.
  • eduGAIN metadata should absolutely be pushed to entities without them having to do anything (i.e. include imported eduGAIN entities in the main federation feed). Without this, a federation operator is doing a major disservice to the end-user experience, as users will find global services that know about their home IdP, but their home IdP won’t know about the service. Users will not understand the error that results. And we’re supposed to be making their lives easier, not more frustrating.

All of this can be summed up simply – let the metadata flow!

Post navigation

← REFEDS Contracts 2017 Reviewing Research and Scholarship →

Archives

  • April 2025
  • September 2024
  • May 2024
  • January 2024
  • December 2023
  • June 2023
  • April 2023
  • December 2022
  • August 2022
  • May 2022
  • March 2022
  • October 2021
  • April 2021
  • March 2021
  • February 2021
  • May 2020
  • March 2020
  • January 2020
  • September 2019
  • July 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • December 2017
  • October 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • October 2015
  • March 2015
  • December 2014
  • November 2014
  • October 2014
  • April 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • June 2013
  • April 2013
  • March 2013
  • February 2013
  • November 2012
  • September 2012
  • July 2012
  • April 2012

Categories

  • APAN
  • consultations
  • Internet2
  • report
  • RFQ
  • specification
  • strategy
  • Uncategorized

Recent Posts

  • Announcing the 2025 REFEDS MFA Profile Working Group
  • Is There a Future for REFEDS and R&E Federations?
  • REFEDS trustinfo metadata Working Group
  • Framework Registration: What is it, and what’s happening with the Working Group?
  • REFEDS Metadata about Identity Federations

Administration

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Privacy Notice

Privacy Notice

Cookie Policy

Copyright © REFEDS
Powered by WordPress , Theme i-excel by TemplatesNext.
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
MENU
  • Home
  • Blog
  • Wiki
  • Meetings
    • All Meetings
    • Community Chats
  • Sponsor
  • Federations
    • Federations
    • Federations Map
  • Our Work
    • Workplan
    • Tools
    • Documents
    • White Papers
    • Resolutions
  • Specifications
  • About
    • About REFEDS
    • Participant’s Agreement
    • Strategic Plan