Some years back when we were thinking about how this would evolve,
several of us were of the opinion that you would see multiple
federations overlapping your institution. It should be expected that
these multiple federations will reflect multiple levels of formality
and requirements for membership. Also, there would be different levels
of longevity.
There may be a project federation springing up for that new JISC
project, so why stick that burden on the UK Access Fed? But, also, I
don't want to stick the University of Woomba into my local,
institution only Fed. etc.
sean
On 26 Sep 2008, at 12:00, Rhys Smith wrote:
> I'm all for local federations, personally - provided you have the
> know-how
> and time to manage your own federation (which isn't a lot).
>
> At Cardiff Uni (CU) we have our own Federation. Resources we only
> offer to
> CU people go in our federation, resources we may wish to offer
> access to
> to members of other institutions go on the UK federation. For
> example, our
> Shib-AuthN EZProxy service is on our local federation - we only allow
> members of CU to get access to IP auth resources.
>
> The reasoning behind this is a) there's no point filling up the UK
> fed and
> making more work for JANET for something that's only going to be used
> internally, and b) I have more control over the metadata for these
> resources. If I, for example, wanted to change the SSL certs on a
> service,
> I can do it straight away since I'm in control of the CU federation; I
> don't have to submit a request to JANET and wait for them.
>
> Just my 2c...
>
> R.
> --
> ----------------------------------------------------------------------
> Rhys Smith e: [log in to unmask]
> Engineering Consultant: Identity & Access Management (GPG:
> 0xDE2F024C)
> Information Services,
> Cardiff University, t: +44 (0) 29 2087 0126
> 39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
> CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
> ----------------------------------------------------------------------
>
>
>
> From:
> John Isles <[log in to unmask]>
> To:
> [log in to unmask]
> Date:
> 22/09/2008 15:19
> Subject:
> [JISC-SHIBBOLETH] Use of Local Federations
>
>
>
> Hi,
>
> I was wanting to get a feel for what others think
> on the subject of local, or private federations.
>
> We have quite a few web-based resources within our university
> which could benefit from single-sign-on technology.
> For us Shibboleth is the obvious candidate, but
> I am hesitating to register additional service providers
> with the UK federation if the resources they protect
> are only for use within our university. My hesitation
> is purely from the point of view of not filling
> the UK federation metadata with service-providers
> that are really only for our private use.
>
> What do others do under these circumstances?
> We were thinking of creating a local or private
> federation, just for us, is this the recommended
> option, or just add them to the UK federation?
>
> Thanks,
>
> John I
>
|