On 22 Oct 2014, at 15:24, Kristof Bajnok wrote:
> Could someone please summarise the thread and the current situation to
> us non-devs? Do I understand the proposed solution [2] right that if we
> split every trust router into two: one for IdPs and one for RP proxies,
> it would work now? Is this a design decision or a workaround?
It all works currently :)
We're missing one feature - loop detection - that allows us to let people peer with us safely (so, it's possible to run a single trust router for IdPs and RPs right now, we just need to be careful who does this).
Without loop detection it's possible for a config error on a downstream server to create an infinite loop.
Running two trust routers is a way to mitigate this (allowing us to peer with more entities).
Loop detection (as the thread is currently discussing) is a better solution that will be implemented though.
Regards,
Adam Bishop
Systems Development Specialist
gpg: 0x6609D460
t: +44 (0)1235 822 245
Janet, the UK's research and education network.
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238