I'm all for local federations, personally - provided you have the know-how
and time to manage your own federation (which isn't a lot).
At Cardiff Uni (CU) we have our own Federation. Resources we only offer to
CU people go in our federation, resources we may wish to offer access to
to members of other institutions go on the UK federation. For example, our
Shib-AuthN EZProxy service is on our local federation - we only allow
members of CU to get access to IP auth resources.
The reasoning behind this is a) there's no point filling up the UK fed and
making more work for JANET for something that's only going to be used
internally, and b) I have more control over the metadata for these
resources. If I, for example, wanted to change the SSL certs on a service,
I can do it straight away since I'm in control of the CU federation; I
don't have to submit a request to JANET and wait for them.
Just my 2c...
R.
--
----------------------------------------------------------------------
Rhys Smith e: [log in to unmask]
Engineering Consultant: Identity & Access Management (GPG:0xDE2F024C)
Information Services,
Cardiff University, t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
----------------------------------------------------------------------
From:
John Isles <[log in to unmask]>
To:
[log in to unmask]
Date:
22/09/2008 15:19
Subject:
[JISC-SHIBBOLETH] Use of Local Federations
Hi,
I was wanting to get a feel for what others think
on the subject of local, or private federations.
We have quite a few web-based resources within our university
which could benefit from single-sign-on technology.
For us Shibboleth is the obvious candidate, but
I am hesitating to register additional service providers
with the UK federation if the resources they protect
are only for use within our university. My hesitation
is purely from the point of view of not filling
the UK federation metadata with service-providers
that are really only for our private use.
What do others do under these circumstances?
We were thinking of creating a local or private
federation, just for us, is this the recommended
option, or just add them to the UK federation?
Thanks,
John I
|