Hi Andy
No need to panic! The details found on the UK federation page you
mention refer only to the test version of Landmap that actually predates
the UK federation and the tightening up of attribute usage across the
community. A new version of Landmap is currently under development that
will require the eduPersonScopedAffiliation and eduPersonTargetedID
attributes and not eduPersonPrincipalName (you'll be glad to hear!).
Information about access management at Mimas, in greater detail than
that given by the UK federation webpages, is now available at
http://mimas.ac.uk/access (see
http://mimas.ac.uk/access/summary/#landmap for Landmap in particular).
Hope this helps.
Cheers
Dave
Andy Swiffin wrote:
> Hi,
>
> I note from the UK Federation attribute usage page (http://www.ukfederation.org.uk/content/Documents/AttributeUsage) that MIMAS Landmap needs to know EduPersonPrincipalName (userID). How are sites that are accessing Landmap through the Federation handling that? AIUI under Data Protection users need to give explicit permission for that to be exposed, but as we don't know who the users of the resource are, I'm not sure how I set shib up to do this?
>
> Am I right that we have to set up arp.site.xml to release EPPN to landmap, but then how do we restrict which users should have that attribute exposed? I was wondering if I could restrict the access of the account which will do the lookup so that it could read the attribute only from specific users. But the LDAP attribute is CN and it always needs to be able to read that. We could of course extend the schema and stick EPPN in there (duplicated from CN) for the specific users and give it access to that?
>
> How are the people who are already doing this doing it?
>
> I'm getting worried about the lack of documentation available for actually getting on and using this thing!!
>
> Regards
> Andy
>
--
Dave Chaplin
Mimas
The University of Manchester
Manchester M13 9PL
e: [log in to unmask]
t: 0161 275 7919
w: www.mimas.ac.uk