We're starting to see a lot of "issues" arise with resources behind the Athens Shibboleth Gateway, such as resource providers who claim to support Shibboleth but do not. Other resource providers who ask for personal information once you've reached them via Shibboleth and others who just don't know what's happening.

It seems the gateway carries out the Authn part while the Authz is left up to the resource providers. However, they have no attributes on which to base authz so they ask for more information from the user. i.e. the user logs in to Athens via the gateway then fills in the blanks at the resource provider.

Will this still be the case in the uk federation? Or will resource providers make more use of attributes to provide seamless access to their resources?

To be fair, resource providers have always asked for this extra information but as our users understand Shibboleth, that shouldn't have to happen any more. Attributes are meant to be used to transport this information to the resource provider.

Alistair

--------------

mov eax,1

mov ebx,0

int 80h