Fiona,
Thanks. It seems others have similar requirements. Are you able to take it
further with the UK federation operator? Do you have a rough estimate of when
this would be done if the UK federation operator was to mark IDPs as whether
institutions are HE, FE, etc.?
Depending on the delay, is there a workaround I can use in the meantime
using static lists of HE & FE institutions formatted in a suitable format?
Thanks
Thierry.
Systems and Services Manager
School of Informatics
University of Westminster.
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Fiona Culloch
Sent: 23 April 2008 18:02
To: [log in to unmask]
Subject: Re: UK federation VO
> We have a Shibboleth application which only needs to be accessible by
> HE & FE institutions due to copyright issues. It seems the UK federation
> includes schools, HE, FE and research.
And also some commercial.
> Is there a way to only allow HE & FE institutions in the Apache config
> file with the require keyword?
I'm afraid not.
> Is there a concept of virtual organizations on the UK federation where
> it is possible to check which institutions belong to which VO
> (i.e. schools, HE, FE, research)?
Not at present. There is a somewhat similar concept of particular
entities in the federation metadata being marked by the federation
operator as having particular properties, in particular whether an
IdP claims user accountability or not.
Coincidentally, I was looking at authorisation for some services today
with a similar requirement to yours. We had been planning on having
to enumerate the complete set of organisations matching our categories
ourselves. It would be interesting to hear from other SPs whether
this is a more general requirement (and what categories would be wanted
-- I bet there is less overlap there than you might hope).
If it is, it might be possible to persuade the federation operator to
mark IdP entities based on whether their users are HE, FE, etc., but
it's not as simple as it sounds:
* Is it just an opinion of the federation operator (easy to do)?
* Is it a claim made by the member (also easy to do, and accuracy
is probably covered by the general obligation on members in the
Rules to supply accurate data)?
* Is it a claim by the member, verified by the federation operator
against some external source of official information (more work,
what sources)?
If it sounds like this may be a more general requirement then I may
be able to take it up with the federation operator.
Fiona.