Difference between revisions of "Talk:VT Federated Identity Providers Assessment Task 1: Questionnaire about TCS"

From EGIWiki
Jump to: navigation, search
(Catch-all: Added doubts about the "procedure to obtain certificate" question.)
Line 17: Line 17:
 
== Catch-all ==
 
== Catch-all ==
 
"a catch-all IdP to register users from not-federated institutions" While this is generally a common practice in federations I don't think this is compatible with TCS e-Science. I think IdP's must be linked to primary, institutional identity databases, and specifically the face-to-face identity vetting cannot be out-sourced. At least this was our understanding in Ireland. --[[User:Ocalladw|Ocalladw]] 14:50, 22 December 2011 (UTC)
 
"a catch-all IdP to register users from not-federated institutions" While this is generally a common practice in federations I don't think this is compatible with TCS e-Science. I think IdP's must be linked to primary, institutional identity databases, and specifically the face-to-face identity vetting cannot be out-sourced. At least this was our understanding in Ireland. --[[User:Ocalladw|Ocalladw]] 14:50, 22 December 2011 (UTC)
 +
 +
== Contract lifetime ==
 +
The TCS is based on a contract between Terena and the CA provider (Comodo), which was valid for three years. I don't know what is the likehood that this is extended then.
  
 
== See Also ==
 
== See Also ==
 
* http://www.terena.org/activities/tcs/repository/ --[[User:Ocalladw|Ocalladw]] 17:34, 21 December 2011 (UTC)
 
* http://www.terena.org/activities/tcs/repository/ --[[User:Ocalladw|Ocalladw]] 17:34, 21 December 2011 (UTC)

Revision as of 00:28, 24 December 2011

Institution joining a federation as IdP

The process for an institution to join a national identity federation in each country as an IdP may go beyond what we want to ask NGIs. It may be sufficient to ask if the relevant institutions are already members: if not, we can see there is a problem. --Ocalladw 17:34, 21 December 2011 (UTC)

Institution providing access to TCS for their users

[1] explains the requirements. In short a subscriber (i.e. a university or other research inst.) must sign a subscriber agreement with a member (i.e. an NREN) (TO BE COMPLETED...) --Ocalladw 17:34, 21 December 2011 (UTC)

Good point. I split the question and added a pointer to the TCS document repository --Leinen 16:44, 22 December 2011 (UTC)

Procedure to obtain a personal e-Science certificate

In my understanding, the procedure to obtain certificates would be the same in all participating federations, because they all use the same service. What is different, and not just between federations, but also between the different institutions within a federation, is the process for a user to become registered in an institutional Identity Provider. For many institutions this will be integrated into HR or other enrollment procedures and thus mostly transparent to the user; for others it may be a separate process, possibly an onerous one.--Leinen 16:49, 22 December 2011 (UTC)

Catch-all

"a catch-all IdP to register users from not-federated institutions" While this is generally a common practice in federations I don't think this is compatible with TCS e-Science. I think IdP's must be linked to primary, institutional identity databases, and specifically the face-to-face identity vetting cannot be out-sourced. At least this was our understanding in Ireland. --Ocalladw 14:50, 22 December 2011 (UTC)

Contract lifetime

The TCS is based on a contract between Terena and the CA provider (Comodo), which was valid for three years. I don't know what is the likehood that this is extended then.

See Also