Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs


Chronological Thread 
  • From: Andy Bennett <andyjpb AT knodium.com>
  • To: Mikael Linden <mikael.linden AT csc.fi>, Tom Scavo <trscavo AT internet2.edu>, <edugain-discuss AT geant.net>
  • Subject: Re: [eduGAIN-discuss] eduGAIN and non "academic" IdPs
  • Date: Fri, 28 Nov 2014 16:05:49 +0000
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On 28/11/14 15:57, Mikael Linden wrote:
> I second Tom. I can't see how R&S helps Jozef to solve his problem.

I think the idea would be to ensure that the authorization can be done
with the attributes. You could say something like "allow affiliations
matching 'faculty@*.edu'" if you were guaranteed to get the
scoped-affiliation attribute.

Building the list of globs is left as an exercise for the reader:
different countries have different ways to arrange academic domains.

This can't be done with metadata alone: even accredited universities
give visitor and guest accounts out. R&S would mean that at the metadata
level it is possible to get a list of IDPs for which you know you will
be able to make the decision at login time. It doesn't tell you anything
about IDPs not sporting the R&S EC tho' so I guess you'd still have to
allow login, check the affiliation, and then log something where it
didn't match your current glob list?






Regards,
@ndy

--
andyjpb AT knodium.com
http://www.knodium.com/






Archive powered by MHonArc 2.6.19.

Top of Page