On 12/16/05, Josh Howlett wrote:
>
> http://www.jisc.ac.uk/uploaded_documents/UK_PositionPaper.doc
>
> it states: "the majority view in the UK is that an opaque but persistent
> identifier, which among other things makes gathering of management
> statistics a lot easier, is an acceptable level of compromise."
>
> This is from Sept 2004. Is this still the current position?

Nobody responded to this policy question (nor can I) but I will offer
some technical comments and an observation. SAML1 specifies a handful
of name identifier formats, all of which are persistent and
transparent (i.e., not opaque). In addition, Shibboleth specifies an
opaque identifier with "transient semantics" but I claim it cannot be
used for anything other than the intended browser profiles (for
instance, I have been unable to leverage the Shib handle in the
non-browser case). SAML2, on the other hand, specifies additional
formats, including both transient and persistent identifiers.

https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/NameIdentifierFormat

I presume the SAML2 persistent identifier is what Josh was talking
about, but of course SAML2 is still a ways off so what do we do in the
meantime? Well, there is a persistent *attribute* called
eduPersonTargetedID (ePTID), which as it turns out is one of
InCommon's "highly recommended" attributes. (I don't know if other
federations have published policy about this attribute.)

An open question in my mind is the relationship between ePTID and the
emerging SAML2 persistent identifier. Are the two mutually exclusive?
Will ePTID go away once the persistent identifier arrives? What are
the ramifications for institutions who choose to invest in ePTID now?
These are questions that beg for answers. Without them, investing in
this little bit of persistent infrastructure is tenuous at best.

Tom