 |
 |
Hi Paul Please see the attached slides. You could also use IP or IP-proxy. Some IP proxy software products are already Shibboleth enabled. We will be sending out further information about this soon. Kind regards, Jane ------------------------------------ Jane Charlton Access Management Outreach Co-ordinator, JISC <mailto:[log in to unmask]> * [log in to unmask] <mailto:[log in to unmask]> ( +44 (0)20 3006 6041 M: +44 (0)776 017 3223 F: +44 (0)117 954 5078 : www.jisc.ac.uk ________________________________ From: Discussion list for Shibboleth developments on behalf of Paul MADDOCK Sent: Mon 07/04/2008 18:53 To: [log in to unmask] Subject: Re: LA (Re: LA (Re: LA (Re: Confused about EDINA))) It seems to me that there will be a number of possible routes to accessing resources after July and after all this discussion it would be really helpful to me (and others I am sure), if someone could draw out all the routes/paths that are available to a Shibbolith enabled organisation to access athens/shib enabled resources. Or is it really all that simple?? Paul Paul Maddock IT Director Warwickshire College Leamington Spa CV32 5JE UK Tel: +44 (0) 1926 318013 Fax: +44 (0) 1926 318111 email: [log in to unmask] WWW www.warkscol.ac.uk >>> Tom Demeranville <[log in to unmask]> 04/07/08 5:26 PM >>> In the "already logged in" use case I'd hope that Shibboleth SPs would be able to provide specially crafted links to bypass the WAYF for users that are known to be from a specific IdP. Otherwise users may have to go through some sort of WAYF like procedure at the service provider each time they arrive, regardless of whether they are logged into their IdPs or not. This would be useful for all institutional portals, not just MyAthens. Tom. -----Original Message----- From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Alistair Young Sent: 07 April 2008 17:16 To: [log in to unmask] Subject: LA (Re: LA (Re: LA (Re: Confused about EDINA))) thanks Tom, that's helpful. I see what's meant by linking to shibb enabled resources from MyAthens now. They're just links but as you've already logged in to your IdP to get to MyAthens via AthensLA, you shouldn't have to login to access the shibbed resources from the links. <lightbulb on="true" /> Alistair -- mov eax,1 mov ebx,0 int 80h > Alistair, > > Having two routes for your users to log into a single service (which > provide different identifiers) would result in confusion. Which is why > using OpenAthens to access Shibboleth protected sites is not enabled for > those users originating from Shibboleth IdPs. MyAthens can be > customized by Administrators to contain links to Shibboleth protected > resources (such as those from EDINA and MIMAS) if it's required. > > The Shib->Athens gateway (now called AthensLA) still provides useful > functionality for organisations that require access to Athens protected > resources. > > Hopefully this helps clarify things a little. Our previous messages > might have been a little ambiguous. > > Tom Demeranville. > Senior Software Engineer. > Eduserv Athens. > > > -----Original Message----- > From: Discussion list for Shibboleth developments > [mailto:[log in to unmask]] On Behalf Of Alistair Young > Sent: 07 April 2008 16:32 > To: [log in to unmask] > Subject: LA (Re: LA (Re: Confused about EDINA)) > > sounds like the Shibboleth to Athens Gateway isn't going to be much use > after July. > >>> > Subscribers to OpenAthens will be able to access Shibboleth targets >>> > within UKAMF > by that, I presume OpenAthens means the "Athens IdP". AFAIK a > subscription > to OpenAthens also gets you access to the Shibb -> Athens gateway. So > you > can still access non shibb resources via My Athens. > > The confusing point was about OpenAthens being able to produce any kind > of > relevant "badge", Athens, Shibboleth, whatever. I think that refers to > OpenAthens in its many forms (Shibb -> Athens Gateway, Athens IdP etc.) > and the Shibb -> Athens Gateway will remain just that, a "protocol > bridge" > between shibb and athens. It will only ever produce one type of badge. > An > Athens badge. > > Hence when EDINA, MIMAS etc drop support for Athens badges we must go > via > the fed to reach them as the current Shibb -> Athens Gateway will not > get > us there any longer. > > Alistair > > > -- > mov eax,1 > mov ebx,0 > int 80h > >> Alistair Young wrote: >> >>> from Andy: >>> > Subscribers to OpenAthens will be able to access Shibboleth targets >>> > within UKAMF >>> >>> from my reading of the above, that would sugge>> I would expect Jorum to disappear from My Athens when EDINA stops > offering >> access to it via the proprietary Athens protocols. It would be > possible >> for My Athens to list non-Athens resources, but it would be hard to > know >> which ones, when the decisions about whether a user is authorised to >> access >> each resource are distributed (with individual SPs) rather than >> centralised >> (with Athens). >> >> Fiona. >> > > > > Unless otherwise agreed expressly in writing by a senior manager of > Eduserv, this communication is to be treated as confidential and the > information in it may not be used or disclosed except for the purpose > for which it has been sent. > If you have reason to believe that you are not the intended recipient > of this communication, please contact the sender immediately. > No employee or agent is authorised to enter into any binding agreement > or contract on behalf of Eduserv or Eduserv Technologies Ltd., unless > that agreement is subsequently confirmed by the conclusion of a written > contract or the issue of a purchase order. > Eduserv (Limited by Guarantee) âEUR" company number 3763109 - and > Eduserv Technologies Ltd âEUR" company number âEUR" 4256630 - are both > companies incorporated in England and Wales and have their registered > offices at Queen Anne House, 11 Charlotte Street, Bath, BA1 2NE. > > Unless otherwise agreed expressly in writing by a senior manager of Eduserv, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee or agent is authorised to enter into any binding agreement or contract on behalf of Eduserv or Eduserv Technologies Ltd., unless that agreement is subsequently confirmed by the conclusion of a written contract or the issue of a purchase order. Eduserv (Limited by Guarantee) - company number 3763109 - and Eduserv Technologies Ltd - company number - 4256630 - are both companies incorporated in England and Wales and have their registered offices at Queen Anne House, 11 Charlotte Street, Bath, BA1 2NE. ----- Warwickshire College - A Grade One 'Outstanding' College. Don't just take our word for it... Click here to read the full Ofsted Inspection report http://www.warkscol.ac.uk/inspection DISCLAIMER The information in this email and any files transmitted with it is confidential. The contents may not be disclosed or used by anyone other than the intended recipient. Any opinions expressed in this email are those of the individual and not necessarily the College. Warwickshire College cannot accept any responsibility for the accuracy or completeness of this message as it has been transmitted over a public network. If you have received this email in error please notify the IS manager by telephone on +44 (0)1926 318013 or via email to [log in to unmask] and include a copy of this message. Please then delete this email and destroy any copies of it. <<<>>> ---------------------------------------------------------------------- Anything in this message which does not clearly relate to the official work of the sender's organisation shall be understood as neither given nor endorsed by that organisation. ----------------------------------------------------------------------