El 12/03/14 17:39, Stefan Paetow escribió:
>> * Diamond went a different direction and decided to map
>> Chargable-User-Identity into an identifier that gets mapped
>> eventually
>> into local-login-user.
>
> Just to clarify, we selected CUI because:
>
> a) it will be used in the eduroam space (and we'd like to make it easier for eduroam users to be able to use our facility, which allows us to capture a huge part of our current user base)
> b) it is designed to uniquely (and consistently) identify a user without knowing their actual username (i.e. the inner-tunnel 'User-Name' attribute)
>
> We do not *set* CUI for the purpose of using it elsewhere. The only processing we do with CUI is to look up a local username in our database for the CUI we receive from a home IdP (if they send one, wherever they may be). We're trying to make use of what's out there now and make sure it allows us to do what we need to do today. Once the trust router network is established (with a few IdPs and SPs), there is no doubt that we'll need to add post-processing for any assertions received that way, but that's a bridge we can only cross once it exists.
>
What is the role of TR here? moonshot already deals with assertion
sentences
regards, Gabi.
> I don't see a divergence in what identity is... just people trying different things at different points in the process. We're all just testing boundaries.
>
> :-)
>
> Stefan
>
>
--
--------------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [log in to unmask]
|