>
>> Mimas would be interested as a supplier in using an indication in the
>> metadata of whether an organization owning an IdP was either HE, FE,
>> Research Council (or other).
I've been following this discussion with interest (although I've had to go back and read the archives a few times to make sure I'm getting the right end of the stick!)
I agree with Jon, I can't see it working if the HE/FE etc flag was incorporated as part of the metadata. Granted we will only assert EPSA as member correctly, there are still other "anyones" lurking in the directory that we would not want to make an implicit assertion of "HE" about even if not asserting EPSA=member.
<[log in to unmask]> wrote:
> That is then a claim by the IdP about the user. In theory that's fine,
> since the IdP has agreed in the Rules to only make accurate statements.
> However, there are some cases where you want to know that a third party
> (the federation operator) supports the claim.
Is that necessary? The IdP operator has agreed to abide by the rules and only assert the truth - there has to be some "trust" that they will do that.
From the discussion it does seem like either a new attribute is required or new values for EPSA. Although that is probably something that puts ice in the hearts of those tasked with negotiating it! Could eduPersonEntitlement be used in the meantime? From "Technical Recommendations": "This attribute enables an organisation to assert that a user satisfies an additional set of specific conditions that apply for access to a particular resource." OK, not quite in the spirit of it, it's not "additional conditions" but preconditions, but would a value in there do the job for now? The SPs who want to restrict access to HE, FE, Schools or whatever can then specify a value they would like and we're free to put it in and deliver it as appropriate. But again, IdPs should be trusted to make a truthful assertion here or else what's the point of the "federation" rules.
My groat's worth.
Andy
--
*********
Andy Swiffin
Senior Network Specialist, Corporate Information systems
Information & Communications Services (ICS)
University of Dundee, Computing Centre, Park Place, Dundee, DD1 4HN
Direct: 01382 388000 (Service Desk)
Visit our website at: www.dundee.ac.uk/ics
*********
The University of Dundee is a registered Scottish charity, No: SC015096