>The fallback position (which we will be using ourselves if a more general
>approach is not available in time) is to select from the federation
>metadata the scopes of all IdP organisations of interest.  The metadata
>contains both the verified name of the organisation (which can be
>compared with the lists Sean Dunne mentioned) and the scope.

I've implemented and automated the above using some XSLT, MySQL and
PHP. This then creates a Shibboleth ACL in XML format which I can use to
authorise HE & HE only.

Looking at the stats, there are 170 HE institutions in the JISC banding and
only 61 have an IDP. There are 465 FE institutions in the JISC banding and
only 18 have an IDP. Many of those which do not have an IDP seem to be
members of the UK federation. Is there any reason why they are not
installing an IDP?

>The SP then has to authorise based on eduPersonScopedAffiliation having one
>of the selected scopes (and member, staff, student etc. as required).

Thierry.

Systems and Service Manager
School of Informatics
University of Westminster.
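
The scope selection and SP-side check discussed in this message, as an added Python example; it is not part of the original message and is not the XSLT/MySQL/PHP implementation mentioned above. The metadata, organisation names and scopes are constructed, `select_scopes` and `is_authorised` are hypothetical names, and the check assumes the SP has already verified that the asserting IdP is entitled to the scope it uses.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "shibmd": "urn:mace:shibboleth:metadata:1.0"}

# Constructed sample metadata: names, entityIDs and scopes are invented.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
 <md:EntityDescriptor entityID="https://idp.he-one.example/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
   <md:Extensions><shibmd:Scope regexp="false">he-one.example</shibmd:Scope></md:Extensions>
  </md:IDPSSODescriptor>
  <md:Organization><md:OrganizationName>University of Example One</md:OrganizationName></md:Organization>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.fe-college.example/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
   <md:Extensions><shibmd:Scope regexp="false">fe-college.example</shibmd:Scope></md:Extensions>
  </md:IDPSSODescriptor>
  <md:Organization><md:OrganizationName>Example FE College</md:OrganizationName></md:Organization>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""
HE_NAMES = ["University of Example One", "University of Example Two"]  # constructed list

def select_scopes(metadata_xml, org_names):
    """Map scope -> organisation name for IdPs whose metadata name is in org_names."""
    wanted = {n.casefold() for n in org_names}
    scopes = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        name = entity.findtext("md:Organization/md:OrganizationName", "", NS).strip()
        if idp is None or name.casefold() not in wanted:
            continue  # no IdP registered, or organisation not on the list
        for scope in idp.iterfind("md:Extensions/shibmd:Scope", NS):
            if scope.get("regexp", "false") in ("false", "0"):  # literal scopes only
                scopes[(scope.text or "").strip().lower()] = name
    return scopes

def is_authorised(scoped_affiliations, scopes, allowed=("member", "staff", "student")):
    """True if any eduPersonScopedAffiliation value is <allowed>@<selected scope>."""
    for value in scoped_affiliations:
        affiliation, sep, scope = value.partition("@")
        # Exact match on the scope: a suffix match would admit look-alike domains.
        if sep and affiliation.lower() in allowed and scope.lower() in scopes:
            return True
    return False
```

An organisation on the list with no IdP in the metadata, like "University of Example Two" here, contributes no scope, which is the gap the statistics above describe.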