On Tue, 2007-04-10 at 12:43 -0700, RL 'Bob' Morgan wrote:
> Some applications have moved to federated access via an account-linking
> step. In this case a user might go to an Athens-run site that is
> protected via Shib, signon via their home institution IdP, then signon
> again via the Athens userid, linking the two. This info could be made
> available to anyone who needed it. Of course for this to be useful the
> user identifier provided to this service via Shib would have to be
> something sharable, ie not the usual targetedID implementation that is
> per-service.
One example of a service which lets you link your old Athens account up
to your new Shibboleth account is ZETOC (from MIMAS). If you had Alerts
set up with your Classic Athens account, the first time you logged into
ZETOC with Shib, you were presented with the possibility of connecting
the account to your old one, so that all of your alerts and
personalisation were migrated across.
(Having said that, it was many months ago when I was playing with this,
so I might be misremembering slightly - i'm sure the guys from MIMAS can
correct me if i'm wrong :-)).
For us, it would be very useful if other sites did this kind of thing
too. On the downside, it does hinder some of the intended
privacy-preservation paradigm of Shib, but on the upside, our 30,000
users don't have to manually turn off alerts and personalisation (saved
searches, etc) on their old account and turn them back on on their new
accounts.
So ideologically, account linking is a bad thing and anyone who does it
are bad people, but from a real life supporting tens of thousands of
users in migrating all of their personalisation perspective, account
linking is a wonderful wonderful thing and any resource that enables it
are lovely people!
R.
--
----------------------------------------------------------------------
Rhys Smith e: [log in to unmask]
Engineering Consultant: Identity & Access Management (GPG:0xDE2F024C)
Information Services,
Cardiff University, t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
----------------------------------------------------------------------
|