An open discussion list for topics related to the eduGAIN interfederation service.

[Niels van Dijk <niels.vandijk AT surfnet.nl>]

On 11/28/2014 05:05 PM, Andy Bennett wrote:
> On 28/11/14 15:57, Mikael Linden wrote:
>> > I second Tom. I can't see how R&S helps Jozef to solve his problem.
> I think the idea would be to ensure that the authorization can be done
> with the attributes. You could say something like "allow affiliations
> matching 'faculty@*.edu'" if you were guaranteed to get the
> scoped-affiliation attribute.

That might work for e.g. the US and the UK where domains of academic
institutions are different from 'normal' domains. In most of Europe
however, a university would simply have e.g. 'affiliation@*.nl' just
like a commercial company. So to use attributes for this in a way that
would work internationally, we would need a 'proper' attribute, or set
up a list of all known domains for institutions. (Though I cannot begin
to think about the horror of maintaining such a list, I do have several
use cases for that already...)

So if you want to go the attributes route, though I am not sure this
helps given how badly the attribute is currently in use: eduGAIN
actually endorses[1] the use of SchachomeOrganizationType, where values
could be (I guess) university, university hospital, etc.

Cheers,
Niels




[1]
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCYQFjAB&url=http%3A%2F%2Fwww.geant.net%2Fservice%2FeduGAIN%2Fresources%2FDocuments%2FeduGAIN%2520Attribute%2520profile.pdf&ei=8B57VLnfAYXjatO3gZgF&usg=AFQjCNFQjxKtQKjyhq9JJ_tzctATEp5POg&sig2=l83BlFCAQgjWrixN670itQ&bvm=bv.80642063,d.d2s