

At 7:37 PM +0000 2/5/08, Pete Walker wrote:
>A conversation here at Bristol may serve as use case?...
>"It may make more sense to handle something like OpenID for group 
>membership of external users, since the membership of Shibboleth 
>profiles (e.g. 'librarians at Russell group universities') had the 
>problem of not being associated with actual individuals. Along with 
>the reverse issue that researchers move around institutions 
>regularly - and this would result in the change of someone's 
>Shibboleth (i.e. institutional SSO related) identity - whilst an 
>OpenID can be carried between instit's - and hence associated 
>privileges from group membership at UoB as a third party instit. 

You seem to be describing privileges that have been granted to me as 
a result of membership in a Virtual Organization (e.g. 'librarians at 
Russell group universities'). And that it's my continued membership in 
those VOs that sustains this set of privileges? It doesn't sound like 
these privileges have been granted to me as an individual. Rather, 
I've obtained them indirectly, via my membership in the VO. And, if 
I'm removed from the 'librarians at Russell group universities' 
VO/group, I then immediately lose all privileges granted to those 
group members?

Or am I misreading your use case?