
It can get even worse - we have a licence with a major service provider that would allow access to staff who are "retired, with proof of 60 years in age or over" ...

Ross

Ross Hayworth
Serials and Electronic Resources Manager
Queen Mother Library
University of Aberdeen
Aberdeen
AB24 3UE

[log in to unmask]

-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Matt Dunkin
Sent: 30 June 2008 22:01
To: [log in to unmask]
Subject: Going Beyond Staff and Student

I've been working with a number of institutions recently and the same problem keeps cropping up.

The attribute has 7 fixed values. I know the library-walk-in seems to have been ratified but I'm in denial at the moment!

For normal staff (paid for by the University or College) and students (doing a home institution course) they are easy.

If only life was that simple! Most institutions have students on campus, maybe from another partner institution doing a module, who are entitled to use some resources but not others based on the License agreements. So you have to give them the "student" and "member" affiliations otherwise they get nothing! So how do you then stop these people using the exceptions where they don't allow non-home students to have access?

I have done some work and created an ARP which will prevent the release of these eduPersonScopedAffiliation values based on another attribute to stop the presentation of the scopedaffiliation if for example "isnotrealstudent=true" but that needs the requester and the larger publishers seem to use the same Service Provider for multiple resources. So from the IdP there doesn't seem to be a way to have different restrictions within that set of resources using the same SP.

Another example, I'm told, is that JSTOR allows ex-staff access to the resource when they have left the University. Are they staff or affiliate? What would affiliate then give them access to!

Are the Service Providers with these licensing restrictions doing something else, maybe using eduPersonEntitlement or is there something clever that I'm missing on the IdP side?

The student example is just one example where the 7 values just don't seem to fit. Any feedback from Service Providers on what they look for would be appreciated because I keep sending attributes from different institutions and you keep letting me in!

Matt



------------------------------------------------------------------
Technology Specialist
MCNE, CLE, CLP, LPIC-1
Salford Software Ltd,
Lancastrian Office Centre
Talbot Road, Old Trafford
Manchester, M32 0FP
Tel: +44 (0) 161 906 1002 Fax: +44 (0) 161 906 1003
Email: [log in to unmask]
www.salfordsoftware.co.uk
------------------------------------------------------------------
This email is confidential and may contain privileged material. If you
are not the intended recipient then you must not copy it, forward it,
use it for any purpose, or disclose it to another person. Instead
please return it to the sender immediately. Please then delete your
copy from your system.

Please also note that the author of this email cannot conclude any
contract on behalf of Salford Software Ltd by email.


The University of Aberdeen is a charity registered in Scotland, No SC013683.
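
The limitation raised in the original message (an IdP release rule can key only on the user and the requesting SP, while one SP fronts several resources with different licence terms) can be seen in a small model. This is an added example, not part of the thread and not Shibboleth code; the entity ID, resource names, licence terms and the `visiting` flag are all constructed assumptions.

```python
# Simplified model of the release decision described in the post (not Shibboleth code).
# Entity ID, resource names, licence terms and the "visiting" flag are constructed.
PUBLISHER_SP = "https://sp.publisher.example/shibboleth"  # one SP, several resources

# Licence terms per resource behind that single SP (constructed).
LICENCE = {
    "journal-a": {"home_only": False},  # partner-institution students allowed
    "journal-b": {"home_only": True},   # home students only
}

def release(user, requester, suppress_for):
    """IdP side: the policy sees only the user record and the requester's entity ID."""
    if user["visiting"] and requester in suppress_for:
        return {}  # ARP-style rule: withhold the scoped affiliation entirely
    values = sorted(f"{a}@{user['scope']}" for a in user["affiliations"])
    return {"eduPersonScopedAffiliation": values}

def sp_allows(attrs):
    """SP side: it can only test the affiliation values it was sent."""
    return any(v.startswith("student@")
               for v in attrs.get("eduPersonScopedAffiliation", []))

def outcomes(user, suppress_for):
    """Compare what the SP grants per resource with what the licence permits."""
    attrs = release(user, PUBLISHER_SP, suppress_for)  # identical for every resource
    result = {}
    for resource, terms in LICENCE.items():
        entitled = not (user["visiting"] and terms["home_only"])
        granted = sp_allows(attrs)
        result[resource] = ("ok" if granted == entitled
                            else "over-access" if granted else "wrongly denied")
    return result

visiting = {"scope": "example.ac.uk", "affiliations": ["student", "member"],
            "visiting": True}
home = dict(visiting, visiting=False)

if __name__ == "__main__":
    print("release: ", outcomes(visiting, suppress_for=set()))
    print("suppress:", outcomes(visiting, suppress_for={PUBLISHER_SP}))
    print("home:    ", outcomes(home, suppress_for={PUBLISHER_SP}))
```

Whichever way the per-requester rule is set, the visiting student ends up mismatched on one of the two resources, because the IdP's decision cannot vary below the level of the SP.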