On 4/24/15 4:23 AM, Paul Haldane wrote:
> I've trawled the archives and the last time I could see significant
> discussion of how we handle authentication of external people who
> don't have a home IdP and who we don't want to give a standard
> institutional account to was back in December 2011
> There were various suggestions mooted at the time (OpenID-Shibboleth
> bridge, separate "friends of" IdP, https://openidp.feide.no/).
> Did any of these come to fruition and/or get adopted as the standard
> way to deal with this?
Brown (and a number of other schools here in the US) have relationships
with Cirrus Identity, a company which offers a gateway service:
We use it for the problem you describe. In addition, the InCommon
Federation uses the Cirrus GW to provide these "homeless" people with
access to some of their services.