On Tue, 1 Jul 2008, Ian Young wrote:
> [lots of good stuff]
... most of which I entirely agree with.
The problem that I'm seeing is that some suppliers appear to be enabling
Shib access (at least for their current customers) based on ePSA of
member@<inst>.ac.uk, and perhaps release of an ePTID, despite the fact
that the 'authorised users' clauses in the relevant contracts may not
match either the UK federation definition of member@... or that of the
institution.
For example I believe that one service, currently restricted to staff,
will shortly grant access via Shib based on member@<inst>.ac.uk.
This obviously worries the people who sign the contracts - if unauthorised
access comes to light as a result, who will be held responsible? There is
also a danger that it will influences the allocation of member@... ePSA
values, perhaps only to that subset of people who fall within the
'authorised users' clauses of _all_ an institution's electronic resources.
This is clearly wrong and overly restrictive, and will really come home to
haunt us if/when Shib access takes off further - perhaps into the
e-science arena.
I don't know the answers here, but the questions worry me.
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|