I think this mostly demonstrates that Microsoft haven't *really* quite
grasped the concepts of Federated Access Management yet (I mean
collectively; I'm sure there are some individuals within the behemoth
that understand them well, but...).
They've got as far as doing the devolved AuthN bit, but not the (more
difficult?) bit about federated (and con-federated) AuthR. Not too
surprising, as at a global level there's still not much complete working
inter-federation, and not complete agreement on the attribute sets and
values that we all recognise as 'a student'.
But they should be encouraged for trying! And, they *do* still assert
license terms, with which we should all comply!
John
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Matt Dunkin
> Sent: 21 February 2008 11:24
> To: [log in to unmask]
> Subject: Re: [JISC-SHIBBOLETH] DreamSpark and EPSA values
>
>
> >anyone who can obtain authentication from a UK Federation IdP
>
> Yep, even a commercial IdP. ;-)
>
> We don't have students, just members .
>
> Matt
>
> P.S. We're entitled to the software as a Microsoft Gold
> Partner but I was curious.
>
>
> >>> Jon Warbrick <[log in to unmask]> 21/02/2008 10:50 >>>
> On Thu, 21 Feb 2008, Andy Swiffin wrote:
>
> > Well, I am releasing EPSA but not anything else at the moment, and
> > EPSA
> > clearly indicates that I'm not a student but it's happy to
> let me in,
> > and in fact many thousands of other valid logins about
> which I assert
> > nothing at all in any attribute. But, hey-ho, I guess its not my
> > problem.
>
> While it looks as if almost(?) anyone who can obtain
> authentication from a
> UK Federation IdP can get into the site, I observe that the licence
> text (at least for Windows Server, perhaps others) includes;
<snip>
Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
|