Hi Paul

I think that most providers ask for an affiliation to be sent - we store Staff or Student (based on our requirements) in a network profile field (idmShibboleth) on all network accounts, then the IdP adds @hull-college.ac.uk to the end. And you can tell providers which affiliations you'll be sending.

It might depend on how complicated you want to make the groups, but that smells like the gist of the answer to me.

Dave

From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of JOHNSON Paul
Sent: 11 December 2013 11:15
To: [log in to unmask]
Subject: Shibboleth settings for providing different permission sets

Hi all

We have just embarked on the rather scary journey of implementing our own Shibboleth IdP. Our IT project team have successfully registered the new IdP, which is hidden so that we can test against it while continuing to use Eduserv as our current Shibboleth provider.

As part of the preparation I have been asked to help liaise with all our eresource providers to make sure we present the correct Attributes with relevant data and the team have asked me if I can find out if there is a general consensus on how individual resources are restricted from some groups of students.

* e.g. If we want to remove access permissions for a few of our restricted resources to our overseas HESA registered partner students what would we change in the Shibboleth setup/attributes to enable this?

Apologies if there is an obvious solution - I'm keen to make sure we follow best practice but I am not very experienced in all things Shibboleth. We are using all the guidance we can find from the UK Federation site: http://www.ukfederation.org.uk/content/Documents/AttributeUsage but if there are any other relevant resources to help answer basic questions like this please feel free to point me (politely :) ) in the right direction and to stop asking such daft questions.
Many thanks

Paul

______________________________________
paul johnson | information landscape librarian
staffordshire university | thompson library
[log in to unmask] | 01782 294770
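
One way to model the approach described in the reply above, as an added example that is not part of the original thread: the profile field value is mapped to an eduPerson affiliation, the scope is appended, and a per-provider release list decides what is sent. The `partner` flag, the provider entityIDs and the use of `affiliate` for partner students are assumptions made for illustration.

```python
from dataclasses import dataclass

SCOPE = "hull-college.ac.uk"  # scope quoted in the reply

# Profile field value (case-insensitive) -> eduPerson affiliation value
PROFILE_TO_AFFILIATION = {"staff": "staff", "student": "student"}

# Constructed provider entityIDs and the affiliations agreed with each one
RELEASE_POLICY = {
    "https://open-journals.example.org/shibboleth":
        {"staff", "student", "member", "affiliate"},
    "https://restricted-db.example.org/shibboleth":
        {"staff", "student", "member"},
}


@dataclass
class Account:
    username: str
    idm_shibboleth: str    # value held in the network profile field
    partner: bool = False  # assumed flag marking overseas partner students


def affiliations(account):
    """Unscoped affiliation values the IdP is willing to assert."""
    base = PROFILE_TO_AFFILIATION.get(account.idm_shibboleth.strip().lower())
    if base is None:
        return set()            # unrecognised field value: assert nothing
    if account.partner:
        return {"affiliate"}    # assumption: partners are never 'member'
    return {base, "member"}     # staff and student both imply member


def released_values(account, sp_entity_id):
    """Scoped values sent to one provider; unlisted providers get none."""
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    return sorted(f"{a}@{SCOPE}" for a in affiliations(account) & allowed)


def sp_grants_access(values, required=f"member@{SCOPE}"):
    """Provider-side check: access only if the licensed value is present."""
    return required in values
```

A provider that licenses on `member@hull-college.ac.uk` then denies partner students without any per-user list on its side, because the value is never released to it.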