George Inman wrote:
> e.g. when a student comes to
> the university they are asked to register an OpenID account which is
> then placed along with their other attributes in the universities
> LDAP/Database and then can be used to log into the universities IdP in
> the same manner that user name and passwords are used and the university
> can then issue a SAML assertion containing the users SSO information.
> [...] This means that the university can
> be the authoritive source of any attributes directly related to itself
> [...]
This had been my original hope (is this the sort of crossover David Orrell
had in mind?) However, aside from the wrinkles Josh mentions,
persuading organisations to register their users' OpenID accounts
may not be easy. The report quotes one response:
"why would the University put in effort to make it easier for
students to access other people’s [non-academic] resources?"
I.e., in Andy's terms, the natural focus is on the "inside".
Fiona.
|