--On 05 February 2008 22:30 +0000 John Paschoud <[log in to unmask]>
wrote:
> Pete Walker wrote:
>> > A conversation here at Bristol may serve as use case?...
>> >
>> > "It may make more sense to handle something like OpenID for group
>> > membership of external users, since the membership of Shibboleth
>> > profiles (e.g. 'librarians at Russell group universities') had the
>> > problem of not being associated with actual individuals. Along with
>> > the reverse issue that researchers move around institutions
>> > regularly - and this would result in the change of someone's
>> > Shibboleth (i.e. institutional SSO related) identity - whilst an
>> > OpenID can be carried between instit's - and hence associated
>> > privileges from group membership at UoB as a third party instit.
>> > retained."
>
> Steven Carmody replied:
>> You seem to be describing privileges that have been granted to me as
>> a result of membership in a Virtual Organization (eg 'librarians at
>> Russell group universities'). And that it's my continued membership in
>> those VOs that sustains this set of privileges? It doesn't sound like
>> these privileges have been granted to me as an individual. Rather,
>> I've obtained them indirectly, via my membership in the VO. And, if
>> I'm removed from the 'librarians at Russell group universities'
>> VO/group, I then immediately lose all privileges granted to those
>> group members?
>
> I agree with Steven here. You may want to carry some unique
> person-identifier between institutions (I think auEduPerson in Australia
> is aiming for that, but only at a national level); but most institutions
> wouldn't/shouldn't let most people who leave, for most reasons, keep
> privileges that they had as members.
I'd agree with this if a person's privileges do derive from their
membership of their current institutions. I think the concern is that,
through relying on Shib' implementations, some individuals will have
privileges that appear to be institutional when they should be on an
individual basis e.g. external examiners, student tutors/assessors, people
collaborating on papers or research, people who help on interview panels,
etc.
>
> The Russell Group might be a VO, but it's a VO whose members are
> universities, not individuals. Such a university (its IdP/directory)
> may award the ePA of 'Librarian' (rather than just 'a librarian') to an
> individual; but if Jean Sykes leaves her post at LSE to be Librarian of
> Wolverhampton University (*not* a Russell Group member!), she doesn't
> get to keep the attribute; and her successor automatically acquires it
> - whoever s/he is. If there was some resource available to anyone with
> the ePA 'librarian' (i.e. any frowner/stamper, not just The Librarian),
> at a RG university (I'm not aware of any such resources), things would
> work the same.
>
> Possibly this could be implemented by a federation of the Russell Group.
> I've suggested a federation for similar purposes of 'institutional
> membership' for the NEREUS consortium (institutions that are good at
> Economics - http://www.nereus4economics.info/); which would be an
> interesting exercise because it would span 11 countries, most of which
> are also building national Shib-based federations.
>
> John
----------------------
Pete Walker, Internet Development Manager
Institute for Learning and Research Technology (ILRT)
University of Bristol
8-10 Berkeley Square, Bristol, BS8 1HH
Web: www.ilrt.bristol.ac.uk
Tel: 0117 928 7069 (for Bristol Online Survey service)
Tel: 0117 928 7192 (General)
Email: [log in to unmask]