Matt Dunkin said
>
> Another example, I'm told, is that JSTOR allows ex-staff
> access to the resource when they have left the University.
> Are they staff or affiliate? What would affiliate then give
> them access to!
>
Just to correct that, the only "non-member" category that JSTOR allows access to is walk-in users (see http://www.jstor.org/page/info/about/policies/terms.jsp). They don't allow ex-staff in.
> Are the Service Providers with these licensing restrictions
> doing something else, maybe using eduPersonEntitlement or is
> there something clever that I'm missing on the IdP side?
>
In fact JSTOR require in InCommon (and will use in the UK federation) eduPersonEntitlement, with a required value of urn:mace:dir:entitlement:common-lib-terms (see http://www.jstor.org/page/info/resources/librarians/tech.jsp#shibboleth).
So they leave it to the institutions to give that attribute value just to those individuals who fit the JSTOR "authorized user" definition. Luckily JSTOR's is a pretty common definition - there would be problems if another service provider with a different definition of authorized user were to require the same attribute value. But that's why it's named "common-lib-terms".
I quite accept that SPs with complex licence restrictions or extensions may have difficulty in mapping them onto common attribute values. But that's an argument for keeping the definition of authorized users simple.
Sean
Mimas
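
An added example (not part of the original message, and not JSTOR's code): an SP-side check that grants access only on an exact eduPersonEntitlement match, so the decision about who is an authorized user stays with the institution. Assumed: the attribute arrives under the name `entitlement` as a single string with values joined by `;` and literal semicolons escaped as `\;`, the way a Shibboleth SP exports multi-valued attributes; the sample sessions are constructed.

```python
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"


def split_values(raw):
    """Split a multi-valued attribute string on unescaped ';'.

    A literal semicolon inside a value is escaped as '\\;' and must not
    be treated as a separator.
    """
    values, current, i = [], [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw) and raw[i + 1] == ";":
            current.append(";")  # escaped semicolon belongs to the value
            i += 2
            continue
        if raw[i] == ";":
            values.append("".join(current))
            current = []
        else:
            current.append(raw[i])
        i += 1
    values.append("".join(current))
    return [v for v in values if v]


def is_authorized(attributes):
    """Allow access only when the exact entitlement value is present.

    Affiliation is deliberately ignored: the IdP decides who fits the
    licence definition and asserts it through the entitlement.
    """
    return COMMON_LIB_TERMS in split_values(attributes.get("entitlement", ""))


# Constructed sample sessions (hypothetical attribute sets).
SESSIONS = {
    "staff": {"affiliation": "staff",
              "entitlement": COMMON_LIB_TERMS + ";urn:example:other"},
    "ex_staff": {"affiliation": "affiliate"},  # IdP released no entitlement
    "walk_in": {"affiliation": "library-walk-in",
                "entitlement": COMMON_LIB_TERMS},
    "lookalike": {"entitlement": COMMON_LIB_TERMS + "-extended"},
    "escaped": {"entitlement": "urn:example:a\\;" + COMMON_LIB_TERMS},
}

if __name__ == "__main__":
    for name, attrs in SESSIONS.items():
        print(name, is_authorized(attrs))
```

The last two sessions are the cases a substring test or a naive `split(";")` would wrongly accept.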