Hi Nicole
I think there more to gateway compliance than just the issue of whether
you get access? I understand from Eduserv that there are still issues
with how many of the seemingly gateway-compliant sites handle persistent
identifiers. The current position is that Eduserv now send an Athens
username that is always the same for a user from session to session
because DSP are not yet geared up to do it the way they want. Eduserv
plan to switch over to sending random Athens usernames in about 12
months. Even when the Athens username is random it will be temporarily
recorded and tied to the persistent ID on Eduserv's servers. So in
theory the DSP can, if they choose, query Eduserv's database to find out
the persistent ID of the user. This would enable them to maintain the
user's preferences between sessions once the Athens username has been
randomised. I understand from Eduserv that getting them to do this is
not proving easy. When I asked Eduserv what would happen if a DSP hadn't
changed to working the way Eduserv wanted them to in 12 months I was
told that they would just be flagged as non-gateway compliant.
At the moment when I go to some sites I get a message such as "Hello
_ayq5dqg6g3dzajrjqpm". This is not particularly user friendly. I think
Eduserv would like to send out the EduPersonPrincipleName value and let
the DSP use that. Eduserv see releasing this to service providers as a
privacy/data protection issue but if we've configured our IdPs to
release this information and the user hasn't overridden the default ARP,
I can't see why it wrong to send this to the Service Provider.
There is also the issue of how the changeover is handled. If the
persistent identifier that is used is suddenly changed this will
presumably have an impact on all the users who have registered to use
sites so that their preferences (search histories, etc ) can be
remembered.
I think its up to us (via JISC) to put pressure on SPs not just to make
their sites accessible using Shibboleth via the gateway but also to
ensure that the same level of functionality is maintained and the
transition is a smooth one.
Nigel
Nigel Bruce
PC & Server Group Leader
Information Systems Services
University of Leeds
LEEDS, LS2 9JT
Tel. 0113 343 5384
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Nicole Harris
Sent: 28 October 2005 11:42
To: [log in to unmask]
Subject: Re: Athens DA / Shibboleth gateway and classic Athens
Hello All
JISC is in the process of drafting a letter to send to all publishers
with clear timescales for conversion. A similar one will go out to all
HE institutions. The timescale for this is the end of November.
If we have a definite list of the key problem resources I am happy to
write a stronger letter to them, and to highlight these as people to
chase up asap.
Some key questions might be:
1. Why have these resource providers not implemented the feature?
Cost?
Lack of understanding? Inertia?
2. Is there a technical solution to the current cookie problem when
using both the gateway and classic Athens?
3. Can we cope with this problem for a short amount of time (assuming
that the resource providers do implement eventually) or is this actually
a complete 'showstopper' meaning that no-one will use the gateway until
resolved?
I'd appreciate any opinions on this.
Kind regards
Nicole
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Paschoud,J
Sent: 28 October 2005 10:42
To: [log in to unmask]
Subject: Re: Athens DA / Shibboleth gateway and classic Athens
Phil,
>The problems you refer to are all associated with non-gateway compliant
>services, so these do not diminish the usefulness of the gateway. With
>90% of Athens resources being gateway-compliant, we are working with
>the suppliers of the remaining services to get them to use a feature we
>released over two years ago! :o)
You misunderstand me! The problem (that we see as show-stopping to
rolling out live use of the Gateway to our users, who are only poor,
non-technical social scientists ;->) is with using a *combination* of
Gateway-compliant resources *and* the 10% that you say are not yet
Gateway-compliant.
I appreciate your frustration with getting suppliers to adopt the 'new'
(2-year-old) features of Athens, so that they can work via the Gateway.
Where those resources are licensed by LSE we are very willing to throw
our weight, such as it is, behind that approach to them.
It would be useful if JISC (as primary client of the Athens service for
UK
F&HE) could give those vendors clear information, soon, about the
transition to a Shibboleth-based infrastructure. Then they could make
an informed choice about either implementing the Athens
Gateway-compliant software, or a direct Shibboleth SP.
In the latter case, we would also encourage our non-UK friends to put
similar pressure on vendors. This shouldn't cause a problem for UK
'late adopters' of Shibboleth, because (I presume) they would be able to
use the Athens-to-Shib element of the Gateway to continue providing
Athens-mediated access, for as long as they wished, or as long as that
service was available.
John
|
