Which identifier? The actual NAI that the user entered into their ID card or into a username box? Or the non-reversible hash?
Stefan
________________________________________
From: Moonshot community list [[log in to unmask]] on behalf of Cantor, Scott [[log in to unmask]]
Sent: 31 May 2014 17:51
To: [log in to unmask]
Subject: Re: Attribute filtering / access control with moonshot
On 5/31/14, 10:10 AM, "Josh Howlett" <[log in to unmask]> wrote:
>
>Aaa-saml defines an SAML NAI name identifier already, so I think we're
>almost there. The question in my mind is whether that is sufficient, or
>if we need to qualify this with the type of Moonshot AAA identifier being
>used? I don't believe we do, but interested in other views...
I can't imagine not needing to know at some point what the identifier
actually is. If nothing else, you've lost bidrectionality by losing that
information.
-- Scott
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
|