On Thu, 15 Dec 2011, Matthew Slowe wrote:
> Something like a OpenID-Shibboleth bridge service with no
> accountability?
Probably, though I expect there would be a nervousness about accepting
arbitrary OpenID providers, even though the LoA would probably be
comparable with anything we could realistically run ourselves.
> I think there might be one of those floating around but probably quite
> easy to do with simplesamlphp given an afternoon and the inclination :-)
...and the expertise, which we don't currently have.
There's also the issue of future support and the (perceived? actual?)
flakiness of some OpenID providers. Experience suggests that the moment we
(central computing) provide a service we are immediately expected to make
it work with full enterprise reliability. Google calendar is an example -
people have been using it for years but as soon as we rolled out Google
Apps for Education we seemed to immediately become responsible for its
various failings.
Jon.
--
Jon Warbrick
Information Systems Development, Computing Service, University of Cambridge
|