thanks for that Nicole.
> all the publishers have coped with it.
that's encouraging. Good to know someone has blazed a trail.
thanks,
Alistair
--
mov eax,1
mov ebx,0
int 80h
> Hi Alastair
>
> We use it at JISC, separating jisc.ac.uk and collections.jisc.ac.uk as
> collections purchase resources that we don't - we use ScopedAffiliation
> for this. I know some people aren't keen but it works well for us and
> all the publishers have coped with it.
>
> N.
>
> ---------------
> JISC Executive
> JISC London office
> 1st Floor, Brettenham House South
> 5 Lancaster Place
> London WC2N 7EN
>
> tel: +44 (0)20 3006 6035
> mobile: +44 (0)7734 058308
> fax: +44 (0)20 7240 5377
>
>
>
> Alistair Young wrote:
>>
>> Hi folks,
>>
>> I was wondering if anyone has any best practice recommendations based on
>> previous experience with suppliers. The scenario is a single IdP
>> asserting
>> multiple scopes for a single user. i.e. domain.ac.uk, sub.domain.ac.uk
>> and
>> having a supplier in the federation use these scopes to tailor resource
>> access.
>>
>> All users in domain.ac.uk get access to X resources. Users who are
>> deemed
>> to be affiliated to sub.domain.ac.uk get access to Y resources, in
>> addition to X resources.
>>
>> This is possible using OpenAthens and permission sets. Has anyone tried
>> this with a supplier in the federation using attributes?
>>
>> Would it be best to use eduPersonScopedAffiliation to do this?
>>
>> <Attribute AttributeName="...eduPersonScopedAffiliation"
>> AttributeNamespace="...">
>>
>> <AttributeValue Scope="domain.ac.uk">member</AttributeValue>
>> <AttributeValue Scope="sub.domain.ac.uk">member</AttributeValue>
>>
>> </Attribute>
>>
>> This is where the real value of shibboleth comes in, partitioning
>> resources based on institutional structure/licensing.
>>
>> thanks,
>>
>> Alistair
>>
>>
>>
>> --
>> mov eax,1
>> mov ebx,0
>> int 80h
>>
>
> ----------------------------------------------------------------------
> Anything in this message which does not clearly relate to the official
> work of the sender's organisation shall be understood as neither given
> nor endorsed by that organisation.
>
>
> ----------------------------------------------------------------------
>
|