Hi everyone, I’m looking for input on how we can better handle the following situation: IGTF Personal Certificates are used for user authentication in collaborations between CERN and Norwegian universities. To enable certificate issuance, Identity Providers in eduGAIN must release certain attributes—most importantly, eduPersonPrincipalName, which GEANT requires for IGTF Personal Certificates [1]. However, HARICA does not currently require this attribute, and Feide cannot release attributes that are not explicitly required. As a result, Sikt is unable to provide IGTF Personal Certificates to our customers. The latest update we received from HARICA (on September 19) was: "This change is already in our plans, but we are also looking to introduce the 'subject-ID' attribute, which appears to be the optimal one for identity mapping. We are discussing internally how to prioritize this over other requested features." For now, we are implementing a workaround for Norwegian universities, but it’s disappointing that a certificate provider operating under a GEANT contract does not already support this. How can we apply more pressure on HARICA to prioritize this change?
[1] https://wiki.geant.org/pages/viewpage.action?spaceKey=TCSNT&title=TCS+20...
Thanks for any ideas—and wishing you all a great weekend ahead!
Hildegunn