With this kind of driver we would reconsider our attribute release.
We have the technical ability to get much finer grained attributes, indeed grouper and appropriate data flow give us the ability to get really fine grained in user description and we use this information internally (shib is our internal SSO as well as federated SSO). However so far we have only needed member@ for the federated use case so that's what we release.
Cal
>-----Original Message-----
>From: Discussion list for Shibboleth developments [mailto:JISC-
>[log in to unmask]] On Behalf Of Nicole Harris
>Sent: 09 February 2012 11:48 AM
>To: [log in to unmask]
>Subject: Re: ScopedAffiliation
>
>Thanks for all of the responses. If any of you are slightly curious
>about the why I'm asking.... (the rest can stop reading now)
>
>
>
>
>We are looking at trying to pull in some more services to the UK
>federation that could usefully reduce administration and provide a
>better service by being able to get 'verified student' status via
>attributes rather than photocopied letters, cards etc. etc. I'm
>thinking TfL, british rail, student travel services, NUS services etc.
>etc. We already have a small handful of services doing this within the
>federation (student unions, a student accommodation service, a couple of
>commercial organisations) but its an area I'd like to see grow.
>
>Ambitious, and we could probably use the help of you all to help target
>people within various services that we could talk to. There's some good
>examples of these types of SPs over at the Edugate federation:
>http://www.edugate.ie/content/edugate-members.
>
>On 09/02/2012 11:16, Mark Cairney wrote:
>> We release all values of eduPersonScopedAffiliation to all SPs in the
>UK Federation. Outwith the Federation we would have to put in an
>additional filter to release it which would only happen if a
>> SP had asked for it specifically.
>> By default we only release the eduPersonTargetedID and the
>TransientID.
>>
>> We only use the staff, student, alum and member values.
>>
>> On 9 Feb 2012, at 10:37, Andy Swiffin wrote:
>>
>>>> A quick question about current practises around
>eduPersonScopedAffiliation.
>>>>
>>>> Do your institutions typically release all values of
>ScopedAffiliation to most
>>>> services across the board, only typically release member@ and then
>manage
>>>> release of other values, or something entirely different?
>>>>
>>>> Answers on the usual postcard with much appreciation.
>>> [Andy Swiffin:]
>>>
>>> All values are sent to everyone.
>>> Andy
>>>
>>>
>>> The University of Dundee is a registered Scottish Charity, No:
>SC015096
>>>
>> /*********************************
>> Mark Cairney
>> ITI UNIX Section
>> Information Services
>> University of Edinburgh
>>
>> Tel: 0131 650 6565
>> Email: [log in to unmask]
>>
>> *********************************/
>>
>>
>
>
>--
>-------------
>JISC Advance
>Brettenham House
>5 Lancaster Place
>London WC2E 7EN
>
>phone: 02030066040
>skype: harrisnv
>twitter: @nicoleharris
|