> There's been a lot of talk of granular access to resources using
> Shibboleth but AFAICS it's all on the IdP side. An IdP can be as granular
> as you like but will SPs be this granular too?
>
<Speaking for noone but myself>
It strikes me that if the SP cares enough to charge for access at a given
granularity the least you should expect is for it to put in the
infrastructure to allow it to track that charging. As we discussed at
McShib (free plug - these events are well worth going to if you are within
reaching distance of them) SAML/Shib have plenty of mechanisms to allow this
to be passed along, but this wouldn't be the first time that Marketing
invented a wizzard wheeze and forgetting to tell the tech guys to do their
bit...
/r
----- Original Message -----
From: "Alistair Young" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 23, 2008 8:54 AM
Subject: Translating Athens org_id to the federation
> folks,
>
> can someone shed any light on this? To take an example, going through
> Athens, Myilibrary decides what eBooks a user can see based on their
> institution's org_id. This means it's very difficult (if not impossible)
> to vary what eBooks users within that institution see when they login to
> My Athens. AFAIK the org_id is inferred from the IdP's entityId so to
> create subsets of eBooks collections one would have to configure one's IdP
> to answer to many entityIds and have multiple presences in the WAYF. Not
> ideal and suppliers are not keen to support this.
>
> Will the federation make it easier to create subcollections of resources
> from one SP? e.g. will a supplier such as Myilibrary work with SAML
> attributes and can an IdP arrange for different bags of eBooks to be
> associated with different values of that attribute?
>
> There's been a lot of talk of granular access to resources using
> Shibboleth but AFAICS it's all on the IdP side. An IdP can be as granular
> as you like but will SPs be this granular too?
>
> thanks,
>
> Alistair
>
>
> --
> mov eax,1
> mov ebx,0
> int 80h
>
>
|