Hi Jon,
I'm not personally offering any service for alumni at Salford Software ;-)
If you were to offer Shibboleth based alumni services then I would imagine the Identity Provider should be asserting [log in to unmask] and any institution with a well designed Identity Management solution in place should have no problem in doing this.
Based on my understanding of ePSA, "alum" is not a valid "member" therefore a service provider should reject access. Of course it is possible that some publishers may actually allow content to Alumni, which would depend on their license. Personally, I'm not aware of any.
If the service provider is your own and is an alumni service then maybe it should ONLY accept [log in to unmask] Would you need to put your institutions email service into the UKAMF when it would only ever be your own (ex) students accessing it? Saying that, you could offer account linking from a home IdP, if you have one, to your Alumni email service similar to the JISCMail solution. So I could federate into Cambridge as [log in to unmask] and pick up my [log in to unmask] email. Then I wouldn't have to remember my Cambridge username and password. Just a shame I didn't go to Cambridge!
Just my ten pence worth, could be an interesting discussion.
Matt
------------------------------------------------------------------
Technology Specialist
Salford Software Ltd,
Lancastrian Office Centre
Talbot Road, Old Trafford
Manchester, M32 0FP
Tel: +44 (0) 161 906 1002 Fax: +44 (0) 161 906 1003
Email: [log in to unmask]
www.salfordsoftware.co.uk
------------------------------------------------------------------
This email is confidential and may contain privileged material. If you
are not the intended recipient then you must not copy it, forward it,
use it for any purpose, or disclose it to another person. Instead
please return it to the sender immediately. Please then delete your
copy from your system.
Please also note that the author of this email cannot conclude any
contract on behalf of Salford Software Ltd by email.
_______________________________________________
>>> Jon Warbrick <[log in to unmask]> 05/02/2008 10:07 >>>
Is anyone using, or considering using, Shib to provide an
authentication/authorisation service to Alumni?
Such a service would probably have to operate outside the UK Access
Management Federation, or at the very least would have to be careful not
to assert ePSA values of 'member', 'staff', or 'student' for Alumni. It
would however provide a useful internal tool for maintaining relations
with departed members of institutions, and could perhaps be used to
provide 'Alumni IdP' services along the same lines as existing 'Alumni
Email' services.
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|