On Tue, 1 Jul 2008, Ian Young wrote: > [lots of good stuff] ... most of which I entirely agree with. The problem that I'm seeing is that some suppliers appear to be enabling Shib access (at least for their current customers) based on ePSA of member@<inst>.ac.uk, and perhaps release of an ePTID, despite the fact that the 'authorised users' clauses in the relevant contracts may not match either the UK federation definition of member@... or that of the institution. For example I believe that one service, currently restricted to staff, will shortly grant access via Shib based on member@<inst>.ac.uk. This obviously worries the people who sign the contracts - if unauthorised access comes to light as a result, who will be held responsible? There is also a danger that it will influences the allocation of member@... ePSA values, perhaps only to that subset of people who fall within the 'authorised users' clauses of _all_ an institution's electronic resources. This is clearly wrong and overly restrictive, and will really come home to haunt us if/when Shib access takes off further - perhaps into the e-science arena. I don't know the answers here, but the questions worry me. Jon. -- Jon Warbrick Web/News Development, Computing Service, University of Cambridge