JISCMail - JISC-SHIBBOLETH Archives

I agree with Rod. There is a current JISC project looking at (among other things) using attributes to personalise services so we should at least have more information in this area soon. I think SPs will become more granular but like everyone else most are starting with basic attribute exchange and building up from that point.

Rod Widdowson wrote:

There's been a lot of talk of granular access to resources using
Shibboleth but AFAICS it's all on the IdP side. An IdP can be as granular
as you like but will SPs be this granular too?

<Speaking for noone but myself>

It strikes me that if the SP cares enough to charge for access at a given granularity the least you should expect is for it to put in the infrastructure to allow it to track that charging. As we discussed at McShib (free plug - these events are well worth going to if you are within reaching distance of them) SAML/Shib have plenty of mechanisms to allow this to be passed along, but this wouldn't be the first time that Marketing invented a wizzard wheeze and forgetting to tell the tech guys to do their bit...

/r

----- Original Message ----- From: "Alistair Young" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 23, 2008 8:54 AM
Subject: Translating Athens org_id to the federation

folks,

can someone shed any light on this? To take an example, going through
Athens, Myilibrary decides what eBooks a user can see based on their
institution's org_id. This means it's very difficult (if not impossible)
to vary what eBooks users within that institution see when they login to
My Athens. AFAIK the org_id is inferred from the IdP's entityId so to
create subsets of eBooks collections one would have to configure one's IdP
to answer to many entityIds and have multiple presences in the WAYF. Not
ideal and suppliers are not keen to support this.

Will the federation make it easier to create subcollections of resources
from one SP? e.g. will a supplier such as Myilibrary work with SAML
attributes and can an IdP arrange for different bags of eBooks to be
associated with different values of that attribute?

There's been a lot of talk of granular access to resources using
Shibboleth but AFAICS it's all on the IdP side. An IdP can be as granular
as you like but will SPs be this granular too?

thanks,

Alistair

--
mov eax,1
mov ebx,0
int 80h

-- 
Nicole Harris
Senior Services Transition Manager
JISC Executive
Brettenham House (South Entrance)
5, Lancaster Place
London WC2E 7EN

Tel: 02030066035
Mob: 07734058308

----------------------------------------------------------------------
Anything in this message which does not clearly relate to the official
work of the sender's organisation shall be understood as neither given
nor endorsed by that organisation.

----------------------------------------------------------------------