>
> Couple of questions:
> - Am I right in thinking that, if I read the message above right, we
> need to do nothing special for this, i.e. we can treat it like any other
> SP in the UK Fed? If we have a working Idp our students should be able
> to use this
Yes! (ours already are)
>
>
> - There was some confusion as to whether MS currently require us to
> assert 'student' in EPSA, of whether 'member' is enough? Do they require
> us to assert someone as 'student'? (is EPSA the only attribute they need?)
No, EPSA is _not_ required.
My tests indicate _nothing_ is required apart from the ability to authenticate via the IdP. Like I said yesterday - I tried a user for whom I release no attributes - nothing at all - apart from the fact that they could login, and was congratulated on being a student.
When I queried attribute usage via the "contact us" form I received the response from microsoft that I posted here on the 21st. I'll repeat it as everyone still seems to be asking the same question, the link is:
https://downloads.channel8.msdn.com/policies/attributes.aspx
which says:
"For granting access to users to download software products from Microsoft Dreamspark site, the DreamSpark SP needs at least one of the following from our trusted Shibboleth Identity Providers:
Name identifier assertion subject
Built-in header Shib-IdentityProvider-Name
Additionally (optional), we recommend (for preventing piracy and providing better user experience) Identity Providers to kindly release the following attributes as well:
eduPersonScopedAffilation OR eduPersonAffiliation OR eduPersonUnscopedAffiliation
eduPersonPrincipalName OR eduPersonTargetedID"
So EPSA, EPPN, EPTID are all _optional_ and therefore it doesn't matter two hoots whether they're there or not, but beware of the caveat in which they say:
"Please note that our policies are likely to change over time. Therefore, please visit this page often for any updated policy requirements." ;-)
Cheers
Andy
|