Why on earth would a resource want your login name? If it wants to
identify a user it has two options. The first seems to be used quite a
lot. Identity "out of band". The SP gets EPTI then pops up a page asking
for all your personal info. It then ties that personal info to that value
of EPTI.
It could also get private info by invoking the user accountability of the
IdP but that would only be if a breach of something occurred.
AFAIK EPPN is not an opaque id, that's EPTI, though no doubt multiple
interpretations of eduPerson lead to all sorts of values in EPPN.
Alistair
--
mov eax,1
mov ebx,0
int 80h
>>>> On 08/04/2008 at 10:15, in message
>>>> <[log in to unmask]>,
> "Thornley, Dave H" <[log in to unmask]> wrote:
>> We generate a value hashed from staff or student id number and store it
>> in
>> EPPN in the directory. This is what's passed out to SPs needing it.
>>
>
> Although this is a nice solution to the issue of exposing privacy will it
> cause problems in the future? This satisfies Ian Youngs definition in
> http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf
> where he says:
>
> "This attribute is used where a persistent user identifier, consistent
> across different services, is required."
>
> But he goes on to say: "It often corresponds to the users single sign-on
> (SSO) name" and in conversations with others elsewhere (outside the UK) it
> almost always seems to be assumed that EPPN will be the login name. Not
> that it should EVER be exposed.... Naughty Landmap for asking for it,
> wouldn't EPTID do?
>
> So, World, is Dave's solution the one to go for? I'm terrified of making
> a decision which will come back to haunt me big time!
>
> Andy
>
> --
>
> *********
> Andy Swiffin
> Senior Network Specialist, Corporate Information systems
> Information & Communications Services (ICS)
>
> University of Dundee, Computing Centre, Park Place, Dundee, DD1 4HN
> Direct: 01382 388000 (Service Desk)
> Visit our website at: www.dundee.ac.uk/ics
> *********
>
>
> The University of Dundee is a registered Scottish charity, No: SC015096
>
|