
* Jiri Pavlik jiri.pavlik@mzk.cz [2019-07-23 15:03]:
> At eduID.at all IdPs are fine with releasing eduPersonTargetedID according to
> <md:EntityDescriptor... entityID="https://sdauth.sciencedirect.com/"> ... I suppose. Is it correct, Peter?
Not sure what this is supposed to demonstrate but anyway:
Naturally -- being neither the IDP that sends data nor the SP who receives data -- I have no way of knowing this for all eduID.at IDPs.
(Full mesh federations are built that way so that no data passes through a central system. The benefits of that architecture for data protection and resilience far outweigh the drawback of limited visibility/insight, IMO.)
Having said that, it's a certainty not all eduID.at IDPs will support eduPersonTargetedID specifically (e.g. none of the ones installed in the last few years, I guess, since I don't even document that attribute anymore) and I'm pretty sure not all eduID.at IDPs support proper persistent NameIDs at all. E.g. some IDPs simply cannot deliver on the absolute non-reassignment requirement persistent NameIDs (of either format) have, because of local IDM system or process limitations. Others simply don't follow our recommendations, etc.
-peter