On Friday 04 November 2005 14:16, Steven Carmody wrote:
> At 9:25 AM +0000 11/4/05, David Orrell wrote:
> > > -- the attributes often used with collaboration environments (eg
> > > eduPersonPrincipalName)
> > Doesn't this depend on who the collaboration is with and its scope?
> absolutely. The scope could be very narrow (I'm a member of a
> multi-campus VO, and the local PI has granted me privileges to access
> VO-owned resources) or very wide (eg *anyone* can register and edit
> the Shib Wiki).
> So, choosing a specific use case that exists today, could a user tell
> your ARP mechanism to release their EPPN value to the Shib Wiki, so
> they could participate in developing the content on this site?
Absolutely. This is an example of the class of usage we're most interested in.
A user will be able to specify which attributes to release and to whom (if
they have been designated to be the ARP owner). Of course, for certain
attributes the organisation(s) may be the ARP owner (as well as the data
owner in many cases) and have the ability to set a global policy. Although
our ARP mechanism already supports this kind of hierarchical control, our
initial focus with regard to UIs is on user-centric policies such as the
example you give.