On Tue, 10 Apr 2007, Alistair Young wrote:
>> you can't have a seamless transition from a
>> non-privacy-preserving to a privacy-preserving identifier scheme
> that's the point though. The identifiers are privacy-preserving but the
> service is still in non-privacy-preserving mode. That's why they ask for
> private information that the privacy-preserving identifier fails to
> provide.
I think there is some confusion here over which of the Eduserv gateways we
are talking about. I think Alistair is talking about the Shib-to-Athens
gateway (the one that allows people with access to a Shib IdP to access
resources that are currently protected by Athens), but Nicole was clearly
talking about the Athens-to-Shib Gateway. It would be helpful if we could
clarify what we are actually talking about!
> A seamless approach would be to transport the required information in
> attributes and let the SP do the account linking [...]
Quite so. But since (as far as I understand it) the Athens protocol
doesn't provide a general attribute transport mechanism that's presumably
a non-starter?
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|