On 4/24/15 4:23 AM, Paul Haldane wrote:
> I've trawled the archives and the last time I could see significant
> discussion of how we handle authentication of external people who
> don't have a home IdP and who we don't want to give a standard
> institutional account to was back in December 2011
> (https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=JISC-SHIBBOLETH;d0b7395d.1112).
>
> There were various suggestions mooted at the time (OpenID-Shibboleth
> bridge, separate "friends of" IdP, https://openidp.feide.no/).
>
> Did any of these come to fruition and/or get adopted as the standard
> way to deal with this?
>
Brown (and a number of other schools here in the US) have relationships
with Cirrus Identity, a company which offers a gateway service:
http://cirrusidentity.com/
We use it for the problem you describe. In addition, the InCommon
Federation uses the Cirrus GW to provide these "homeless" people with
access to some of their services.
|