eduGAIN participation will become the default during November 2014

Posted on Thursday, 23 October 2014

An announcement was recently sent out to everyone listed as a technical or administrative contact for an entity registered with the UK Access Management Federation for Education and Research, and to Management Liaisons for the UK federation members. Its purpose is to inform you of changes to the way in which the UK federation participates in the eduGAIN system, and to outline the actions you may want to take as a result.

eduGAIN is the service that allows federations to exchange information about entities in order to enable global interworking. Participating in eduGAIN simply means that the users within your organisation have access to a wider range of services. You can read more about eduGAIN at:

http://www.ukfederation.org.uk/content/Documents/EduGAINParticipation

The changes will take place during November 2014. If you wish to opt out of them, you can do so at any time but are encouraged to do so before 10-Nov-2014.

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that any reconfiguration you feel may be appropriate can take place before the transition.

Participation Arrangements for eduGAIN

Since the UK federation moved to full participation as part of the eduGAIN system in December 2013, we have operated on an "opt in" basis: entities registered with the UK federation are not exported to other eduGAIN participants by default, but (subject to certain technical requirements) can be explicitly opted in by their owners.

This has always been seen as an intermediate step towards full integration with eduGAIN. The next step will be taken in November 2014, when we will move to an "opt out" regime. This means that *all* entities registered with the UK federation will be exported to other eduGAIN participants by default, with the following exceptions:

  • Identity provider entities that do not support the SAML 2.0 protocol,
  • Schools sector aggregated identity provider entities,
  • Identity provider entities using "wildcard" scopes.

If your entity will be excluded from participation in eduGAIN for one of the above reasons, but you want it to be included, please contact the federation helpdesk at service@ukfederation.org.uk and request that the entity be "explicitly opted in" to interfederation.

We believe that it is in the long term interests of the owners of all other entities that they are included in the eduGAIN system. However, this may not apply in the short term for a limited number of entities. If you believe that one of your entities should *not* be exported to eduGAIN, either now or in the future, please contact the federation helpdesk at service@ukfederation.org.uk and request that the entity be "explicitly opted out" from interfederation.

We recommend that requests for explicit opt in or out requests reach us before 10-Nov-2014 to ensure that they take effect before these changes take effect. The status of an entity may of course be changed by request at any time.

Please contact the UK federation helpdesk (service@ukfederation.org.uk) if you have any additional questions about this update. Edited by AlexStuart on 27 October 2014, at 10:36 AM