Hi Jon
Re: Alumni value - please see page 11 of the Technical Recommendations for
Participants -
http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommend
ations-for-participants.pdf
Kind regards,
Jane
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Jon Warbrick
Sent: 05 February 2008 11:19
To: [log in to unmask]
Subject: Re: Shib for Alumni?
On Tue, 5 Feb 2008, Paschoud,J wrote:
> Jon,
>
> LSE is intending to include alumni in an enterprise directory, which
> will replace AD as the backend to our IdPs.
>
> Isn't there already a defined "alumni" value for ePSA?
I believe so.
> I don't see any reason why this would predjudice our continuing to work
> within the UK Fed.
My immediate concern was with user accountability. The registration of our
current IdP says that we are able to hold our users accountable. Which we
are as long as they are current 'members' of the University. I'm not sure
that we could make the same assertion of our Alumni, which suggests that
we'd at least need a separate IdP for them, which we might not want in the
normal UK Federation WAYF. Having gone this far, it's not clear that there
is any point in the UK Federation knowing anything about this IdP.
There is also the nagging worry that some SPs may be accepting any
authentication from IdPs that appear in the Federation metadata without
checking ePSA...
> I agree, acting as a (better LOA than OpenIdp) IdP would complement the
> 'LSE-associated' email service we now provide our alumni.
I understand that the Shib 2 IdP can (or will) do OpenID too...
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
----------------------------------------------------------------------
Anything in this message which does not clearly relate to the official
work of the sender's organisation shall be understood as neither given
nor endorsed by that organisation.
----------------------------------------------------------------------
|