> * Diamond went a different direction and decided to map
> Chargeable-User-Identity into an identifier that gets mapped
> eventually into local-login-user.
Just to clarify, we selected CUI because:
a) it will be used in the eduroam space (and we'd like to make it easier for eduroam users to be able to use our facility, which allows us to capture a huge part of our current user base)
b) it is designed to uniquely (and consistently) identify a user without knowing their actual username (i.e. the inner-tunnel 'User-Name' attribute)
We do not *set* CUI for the purpose of using it elsewhere. The only processing we do with CUI is to look up a local username in our database for the CUI we receive from a home IdP (if they send one, wherever they may be). We're trying to make use of what's out there now and make sure it allows us to do what we need to do today. Once the trust router network is established (with a few IdPs and SPs), there is no doubt that we'll need to add post-processing for any assertions received that way, but that's a bridge we can only cross once it exists.
I don't see a divergence in what identity is... just people trying different things at different points in the process. We're all just testing boundaries.
:-)
Stefan