> We have a shibboleth application which only needs to be accessible by
> HE & FE institutions due to copyright issues. It seems the UK federation
> includes schools, HE, FE and research.
And also some commercial.
> Is there a way to only allow HE & FE institutions in the apache config
> file with the require keyword ?
I'm afraid not.
> Is there a concept of virtual organizations on the uk federation where
> it is possible to check which institutions belongs to which VO
> (ie schools, HE, FE, research) ?
Not at present. These is a somewhat similar concept of particular
entities in the federation metadata being marked by the federation
operator as having particular properties, in particular whether an
IdP claims user accountability or not.
Coincidentally, I was looking at authorisation for some services today
with a similar requirement to yours. We had been planning on having
to enumerate the complete set of organisations matching our categories
ourselves. It would be interesting to hear from other SPs whether
this is a more general requirement (and what categories would be wanted
-- I bet there is less overlap there than you might hope).
If it is, it might be possible to persuade the federation operator to
mark IdP entities based on whether their users are HE, FE, etc., but
it's not as simple as it sounds:
* Is it just an opinion of the federation operator (easy to do)?
* Is it a claim made by the member (also easy to do, and accuracy
is probably covered by the general obligation on members in the
Rules to supply accurate data)?
* Is it a claim by the member, verified by the federation operator
against some external source of official information (more work,
what sources)?
If it sounds like this may be a more general requirement then I may
be able to take it up with the federation operator.
Fiona.
|