Jon Warbrick wrote:
> A quick peek at the current UK federation metadta suggests that multiple
> scopes are legal.
Yes, it is possible for a single IdP to be permitted multiple scopes.
This happens most obviously in the case of the Athens IdP at present
(and its "beta" staging site, the one you noticed).
It's also possible for the same scope to be permitted for more than one
IdP. For example, a test IdP and a production IdP might both be allowed
"example.ac.uk".
As Sean points out, if you want to say "alumnus of Example University"
the standard approach would be to give them an ePSA of
[log in to unmask] The multiple scope thing would be more obviously
appropriate when you administrative subdivisions:
[log in to unmask], for example. If you had resources licensed
to departments, that would be the obvious approach rather than, for
example, having departmental IdPs.
An individual might have multiple affiliations in each of multiple
scopes from the same IdP.
-- Ian
|