Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Talk:VT Federated Identity Providers Assessment Task 1: Questionnaire about TCS

From EGIWiki
Jump to navigation Jump to search

Institution joining a federation as IdP

The process for an institution to join a national identity federation in each country as an IdP may go beyond what we want to ask NGIs. It may be sufficient to ask if the relevant institutions are already members: if not, we can see there is a problem. --Ocalladw 17:34, 21 December 2011 (UTC)

Institution providing access to TCS for their users

[1] explains the requirements. In short a subscriber (i.e. a university or other research inst.) must sign a subscriber agreement with a member (i.e. an NREN) (TO BE COMPLETED...) --Ocalladw 17:34, 21 December 2011 (UTC)

Good point. I split the question and added a pointer to the TCS document repository --Leinen 16:44, 22 December 2011 (UTC)

Procedure to obtain a personal e-Science certificate

In my understanding, the procedure to obtain certificates would be the same in all participating federations, because they all use the same service. What is different, and not just between federations, but also between the different institutions within a federation, is the process for a user to become registered in an institutional Identity Provider. For many institutions this will be integrated into HR or other enrollment procedures and thus mostly transparent to the user; for others it may be a separate process, possibly an onerous one.--Leinen 16:49, 22 December 2011 (UTC)

Catch-all

"a catch-all IdP to register users from not-federated institutions" While this is generally a common practice in federations I don't think this is compatible with TCS e-Science. I think IdP's must be linked to primary, institutional identity databases, and specifically the face-to-face identity vetting cannot be out-sourced. At least this was our understanding in Ireland. --Ocalladw 14:50, 22 December 2011 (UTC)

Contract lifetime

The TCS is based on a contract between Terena and the CA provider (Comodo), which was valid for three years. I don't know what is the likehood that this is extended then.

See Also