 |
 |
Thanks Phil, that is helpful. For complete clarity, how has this been resolved for the resources that are gateway compliant? I assume that they are simply not carrying out a prefix check and they are happy with this?? Nicole -----Original Message----- From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Eduserv Athens Local Authentication Support Sent: 01 February 2006 10:09 To: [log in to unmask] Subject: Re: [ATHENS] Shibboleth-Athens Gateway and Athens DA Nicole The main issue with non-gateway compliant services is that they are still using prefix checking to identify a user's home organisation as part of the authorisation process. Service providers are doing this by extracting the first three characters of the username; AthensDA 'virtual' usernames were designed to include an organisational prefix because that was the recommended method of identifying a user's home organisation at the time. However, Shibboleth handles do not have such coding built into them, so when a service provider extracts the first three characters, they do not get any sensible information from it. AthensDA technology was developed to pass an Athens user's credentials in exactly the same way as a classic Athens user, which is why there is no difference in behaviour between these technologies. Regards Phil Leahy Business Development Manager Eduserv Athens access management _____ [log in to unmask] tel: +44 (0)1225 474333 fax: +44 (0)1225 474332 http://www.eduserv.org.uk/athens/ _____ Eduserv Athens is a service of Eduserv Technologies Limited -----Original Message----- From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Nicole Harris Sent: 26 January 2006 18:39 To: [log in to unmask] Subject: Re: [ATHENS] Shibboleth-Athens Gateway and Athens DA Jonathan I am forwarding your message to the shibboleth discussion list where some of the people who have already implemented the gateway procedures are more likely to be lurking! I'm surprised to hear that more resources are AthensDA compliant than gateway compliant as I thought the same non-compliancy issues would affect both systems...would be interested to find out more! Community pressure on Westlaw *is* starting to make an impact, and they are starting to talk about implementing shibboleth at a much earlier date than previously suggested. They are likely to go straight for shibboleth-compliance rather than gateway compliance though...but this should make very little difference for a shibbolised institution in the long run! Hope this helps Nicole -----Original Message----- From: Discussion list for Athens Administrators [mailto:[log in to unmask]] On Behalf Of Jonathan Hooper Sent: 26 January 2006 10:27 To: [log in to unmask] Subject: [ATHENS] Shibboleth-Athens Gateway and Athens DA We are currently looking at the Shibboleth-Athens Gateway in the hope of going live in September 2006. 1. Please could I ask other sites who have done/are planning this: - How do/will you manage ongoing Classic Athens accounts? - e.g. do/will you still bulk upload? - How do/will you get the cookie set in your users' browsers? e.g. two possible approaches are MMU's who have a prominent link on the Library home page, and Durham's who use the links in the catalogue to set cookie then redirect to resource 2. It looks as if more resources are Athens DA compliant than are Shib-Athens compliant - a particular problem for us is Westlaw. Have any sites taken the decision to use Athens DA rather than Shib-Athens for this reason? 3. Would anyone from other sites be prepared to discuss their experiences more generally with us? If so, please could they get back to me off-list? Thanks, Jonathan Jonathan Hooper Leeds University Library [log in to unmask] Unless otherwise agreed expressly in writing by a senior manager of Eduserv, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee or agent is authorised to enter into any binding agreement or contract on behalf of Eduserv or Eduserv Technologies Ltd., unless that agreement is subsequently confirmed by the conclusion of a written contract or the issue of a purchase order.