Dear colleagues
Last week an issue was made public on the REFEDS mailing list regarding
an SP that discovered that different users from two IdPs all had the
same eduPersonTargetedID/SAML persistent NameID [1].
It seems that in both cases the root cause was that this
attribute/nameID was generated by creating a hash of another attribute,
which in these two cases was empty.
Currently, there is a discussion taking place on the REFEDS mailing
list. A (data integrity/security) issue like this one (and handling it)
is in scope for e-Science support as well and we can use this as one
example of a complex issue (several entities and federations involved)
that eScience Support should be able to handle.
Best Regards
Lukas
[1] https://lists.refeds.org/sympa/arc/refeds/2016-11/msg00072.html
--
SWITCH
Lukas Hämmerle, Central Solutions
GÉANT Project Task Leader of
eduGAIN Service Development - Research and Service Providers
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.h...@switch.ch, http://www.switch.ch
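
The root cause described in the message above, as an added example that is not part of the original post and not any IdP's actual code: a targeted ID computed as a hash of a source attribute collapses to one value for every account where that attribute is empty. The hash construction, the `uniqueID` source attribute, the SP entityID, the salt and the sample directory are all assumptions constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample directory: two accounts lack the source attribute.
USERS = {
    "alice": {"uniqueID": "1001@example.org"},
    "bob": {"uniqueID": ""},
    "carol": {},
    "dave": {"uniqueID": "1004@example.org"},
}
SP = "https://sp.example.org/shibboleth"  # hypothetical SP entityID
SALT = b"constructed-demo-salt"           # placeholder, not a real secret


def _digest(sp_entity_id, source_value, salt):
    # Assumed scheme: SHA-256 over SP entityID, source value and salt.
    h = hashlib.sha256()
    for part in (sp_entity_id.encode(), source_value.encode(), salt):
        h.update(part + b"!")
    return base64.b64encode(h.digest()).decode()


def naive_targeted_id(user, sp_entity_id=SP, salt=SALT, source="uniqueID"):
    """Flawed: a missing or empty source attribute is hashed as ''."""
    return _digest(sp_entity_id, user.get(source) or "", salt)


def safe_targeted_id(user, sp_entity_id=SP, salt=SALT, source="uniqueID"):
    """Hardened: release no identifier when the source attribute is unusable."""
    value = (user.get(source) or "").strip()
    if not value:
        raise ValueError(f"source attribute {source!r} is empty; no ID generated")
    return _digest(sp_entity_id, value, salt)


def find_collisions(users, generator):
    """Audit: group accounts by generated ID, return IDs shared by several."""
    by_id = defaultdict(list)
    for name, attrs in users.items():
        try:
            by_id[generator(attrs)].append(name)
        except ValueError:
            continue  # no ID released for this account
    return {tid: names for tid, names in by_id.items() if len(names) > 1}
```

Running `find_collisions` over a directory export before enabling a computed identifier shows which accounts would share a value at a given SP.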