> > Hope you don't mind my asking, but how does the user override the site
>> ARP (in practice)? Reason I ask is this question comes up all the
>> time, so if you have some neat tool that allows the user to do this...
>
>As far as Athens is concerned, this is another project we're working on at the
>moment. It will be possible for users to set ARPs for certain attributes,
>both prempively, and at the time of access (ie.'This service is requesting
>attribute X, do you want to release it?'). Overall user ARPs will be
>manageable via the current MyAthens interface. We hope to be trialling for a
>restricted set of attributes and/or users by the end of this year.
>
>David.
we're seeing Shibboleth used both for access to licensed information
resources (where user privacy is often a concern), and to application
environments supporting collaboration (eg wiki's, where user identity
is expected to be released).
Do you expect that the ARP management interface you describe would be
able to control release of
-- the attributes often used with information providers (eg
eduPersonEntitlement, targetedId, email, etc)
-- the attributes often used with collaboration environments (eg
eduPersonPrincipalName)
thanks.
|