 |
 |
In the "already logged in" use case I'd hope that Shibboleth SPs would be able to provide specially crafted links to bypass the WAYF for users that are known to be from a specific IdP. Otherwise users may have to go through some sort of WAYF like procedure at the service provider each time they arrive, regardless of whether they are logged into their IdPs or not. This would be useful for all institutional portals, not just MyAthens. Tom. -----Original Message----- From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Alistair Young Sent: 07 April 2008 17:16 To: [log in to unmask] Subject: LA (Re: LA (Re: LA (Re: Confused about EDINA))) thanks Tom, that's helpful. I see what's meant by linking to shibb enabled resources from MyAthens now. They're just links but as you've already logged in to your IdP to get to MyAthens via AthensLA, you shouldn't have to login to access the shibbed resources from the links. <lightbulb on="true" /> Alistair -- mov eax,1 mov ebx,0 int 80h > Alistair, > > Having two routes for your users to log into a single service (which > provide different identifiers) would result in confusion. Which is why > using OpenAthens to access Shibboleth protected sites is not enabled for > those users originating from Shibboleth IdPs. MyAthens can be > customized by Administrators to contain links to Shibboleth protected > resources (such as those from EDINA and MIMAS) if it's required. > > The Shib->Athens gateway (now called AthensLA) still provides useful > functionality for organisations that require access to Athens protected > resources. > > Hopefully this helps clarify things a little. Our previous messages > might have been a little ambiguous. > > Tom Demeranville. > Senior Software Engineer. > Eduserv Athens. > > > -----Original Message----- > From: Discussion list for Shibboleth developments > [mailto:[log in to unmask]] On Behalf Of Alistair Young > Sent: 07 April 2008 16:32 > To: [log in to unmask] > Subject: LA (Re: LA (Re: Confused about EDINA)) > > sounds like the Shibboleth to Athens Gateway isn't going to be much use > after July. > >>> > Subscribers to OpenAthens will be able to access Shibboleth targets >>> > within UKAMF > by that, I presume OpenAthens means the "Athens IdP". AFAIK a > subscription > to OpenAthens also gets you access to the Shibb -> Athens gateway. So > you > can still access non shibb resources via My Athens. > > The confusing point was about OpenAthens being able to produce any kind > of > relevant "badge", Athens, Shibboleth, whatever. I think that refers to > OpenAthens in its many forms (Shibb -> Athens Gateway, Athens IdP etc.) > and the Shibb -> Athens Gateway will remain just that, a "protocol > bridge" > between shibb and athens. It will only ever produce one type of badge. > An > Athens badge. > > Hence when EDINA, MIMAS etc drop support for Athens badges we must go > via > the fed to reach them as the current Shibb -> Athens Gateway will not > get > us there any longer. > > Alistair > > > -- > mov eax,1 > mov ebx,0 > int 80h > >> Alistair Young wrote: >> >>> from Andy: >>> > Subscribers to OpenAthens will be able to access Shibboleth targets >>> > within UKAMF >>> >>> from my reading of the above, that would suggest Jorum will still be >>> available from My Athens after July 2008, although it states Athens >>> support will be withdrawn. >> >> I would expect Jorum to disappear from My Athens when EDINA stops > offering >> access to it via the proprietary Athens protocols. It would be > possible >> for My Athens to list non-Athens resources, but it would be hard to > know >> which ones, when the decisions about whether a user is authorised to >> access >> each resource are distributed (with individual SPs) rather than >> centralised >> (with Athens). >> >> Fiona. >> > > > > Unless otherwise agreed expressly in writing by a senior manager of > Eduserv, this communication is to be treated as confidential and the > information in it may not be used or disclosed except for the purpose > for which it has been sent. > If you have reason to believe that you are not the intended recipient > of this communication, please contact the sender immediately. > No employee or agent is authorised to enter into any binding agreement > or contract on behalf of Eduserv or Eduserv Technologies Ltd., unless > that agreement is subsequently confirmed by the conclusion of a written > contract or the issue of a purchase order. > Eduserv (Limited by Guarantee) – company number 3763109 - and > Eduserv Technologies Ltd – company number – 4256630 - are both > companies incorporated in England and Wales and have their registered > offices at Queen Anne House, 11 Charlotte Street, Bath, BA1 2NE. > > Unless otherwise agreed expressly in writing by a senior manager of Eduserv, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee or agent is authorised to enter into any binding agreement or contract on behalf of Eduserv or Eduserv Technologies Ltd., unless that agreement is subsequently confirmed by the conclusion of a written contract or the issue of a purchase order. Eduserv (Limited by Guarantee) – company number 3763109 - and Eduserv Technologies Ltd – company number – 4256630 - are both companies incorporated in England and Wales and have their registered offices at Queen Anne House, 11 Charlotte Street, Bath, BA1 2NE.