The Internet2 Embedded Discovery Service (EDS) was recently released in beta so I thought I’d plumb it into the Guanxi Service Provider. The install instructions are pretty simple and the JSON schema is here. You basically just copy the files to somewhere on your SP and then feed it JSON generated from the metadata the SP consumes as part of its normal duties and Bob’s your uncle.
Embedding it in Guanxi was fairly simple since I rejigged the profile handling into what is essentially a Profile Controller, called the Generic Profile Service (GPS). Guards redirect to this when requesting federated access, and by inserting a new handler, SAML2DiscoveryProfileService, I could easily create a feedback loop to replay the Guard request, but populated with an entityID chosen by the user from the EDS.
(more…)
For a long time now, users of e-resources that offer Shibboleth access have been confronted with the discovery problem. That first hurdle one must jump to get anywhere near the resource. The supplier must ask you, “Where Are You From?” but because you can’t speak to a web site and say “University of Blah”, you’re presented with the WAYF service, where you get to scroll endlessly through hundreds or thousands of institutional identity providers, if you don’t know the exact name of your institution as it is known to, for example, the UK Federation.
I’ve been a great fan of WAYFless URLs and probably a bit of a zealot in this area as there really is no need to force a user through a WAYF if the supplier supports WAYFless URLs. Such a URL takes the user directly to their institutional identity provider’s login page, otherwise known as their Identity Provider (IdP). Two-click access. One on the link, one on the login button. Voila, discovery problem solved. However, not all suppliers have WAYFless URLs and they mostly all have their own versions of a WAYF service, which is confusing to the user and more than a bit annoying. The supplier has a resource the user wants, the user knows where they’re from and yet the supplier insists the user must trawl their awful WAYF. (more…)
FAM#2 project is nearing completion, so I thought I’d bung up a couple of piccies to illustrate the state of play. The difference between Athens and the fed is that OpenAthens hides the resources behind one “super-SP”, with one providerId, so it’s impossible to track resource usage from the IdP. In effect, OpenAthens is a mini federation, with the SP as the gateway to the UK Federation’s IdPs.

(more…)
There are some interesting stats on the UK Access Management Federation entity types in Ian Young’s presentation. I was surprised to see that OpenAthens has the lion’s share of IdPs and it’s good to see the federation growing all the time. The Guanxi SP constitutes 2% of the Service Providers in the federation too. There are also a couple of interesting teasers. They’re just blips on the FAM radar at the moment but I’ve heard them mentioned more often lately. SAML2 and Cardspace.
I’ve already been asked about SAML2 support in Guanxi and with ${WORK} beginning the long migration to Active Directory, Cardspace is looking a viable alternative to WAYFs, although I must say, the SPs in the federation mostly all support WAYFless URLs. There’s a good introduction to the Cardspace tech stuff on Pamela Dingle’s blog.
So it’s time to ramp up the .NET skills to see if there’s anything to be done in the emerging infocard arena.
I’ve now defined a workflow which seems to fit the project. There are two paths through the workflow, one for migrating resources to the federation and one for reporting and fixing problems with previously migrated resources or the other components, such as the IdP or the server itself:

(more…)
We’ve wrapped up the FAM#1 project, which was brought forward to deal with the funding being withdrawn for the Shibboleth to Athens Gateway, which allowed us to access electronic resources held within Athens using our UHI credentials. We closed that project in August after the selected resources went live in the UK Access Management Federation and the librarians were pleased with the results. So last Friday, myself, Elizabeth and Tony met in Inverness to work on the FAM#2 project plan.

(more…)