Mari Cruz Garcia wrote:
> I believe that OpenID belongs to its community of users, where Shibboleth
> somehow "frames" you in the "jurisdiction" of your regional or national
> federation.
Josh has mentioned likely future moves towards Shibboleth inter-federation.
There may be a case for using OpenID in some situations (e.g., cross
European projects) before that happens but note that the reason why
OpenID does not have this "framing" is that it doesn't really have a
trust infrastructure at all, which is one of the useful things that
a federation (national or otherwise) provides. That means that with
OpenID, if you want assurance about who your users are, you have to
register them yourself individually, which is harder the more users
you have.
> However, in the case of the e-portfolios platforms -Wordpress and Google
> apps are being currently used as eportfolios platforms de facto-, OpenID
> can play a crucial role.
The requirements of e-portfolios, repositories, etc., where a service
inherently wants to know a user's "real" name or other personal
information, are specifically mentioned in the report as one possible
application for OpenID (section 8, "Implications", ii).
Another approach, however, is to build up processes and practices
that would help operators of Shibboleth IdPs within the UK federation
to be more relaxed about releasing the kinds of personal attributes
such services require. Echoing Josh, this is an administrative/data
protection issue, not a technical one. (Technically, a Shibboleth IdP
can send any attribute information required). There already seem
to be some moves in this direction:
http://www.jisc.ac.uk/fundingopportunities/funding_calls/2008/11/consentmanagementitt.aspx
Cheers,
Fiona.