[IDM] eduPersonAssurance usage

Curry, Warren whcurry at UFL.EDU
Tue Feb 26 12:09:29 EST 2013

At UF we created a local attribute for this use and treat it as an attribute and I think Penn St. has a similar Idea.  Likely others.  

You could call the institutional  auth level /method  ... 

Keith is correct here that the eduPersonAssurance with respect to InCommon levels of assusrance is in the Authentication Context not attribute handling.    

See the assurance wiki at InCommon for info.. 

Warren H. Curry
UFIT - Identity Access Management
PO Box 113359,  2008 NE Waldo Rd

Have a great day!!!

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Keith Hazelton
Sent: Tuesday, February 26, 2013 10:16 AM
To: Identity Management Constituent Group Discussion list
Cc: Shibboleth Users
Subject: Re: [IDM] eduPersonAssurance usage

The recommended way to do this in SAML (Shib etc) is with Authentication Context, not as an attribute in the SAML attribute assertion.   --Keith
On Feb 26, 2013, at 09:13:40, Francis Swasey wrote:

> I am being asked to approve the usage of the eduPersonAssurance attribute to tell our webauth implementation how it should authenticate (which process - simple password, one-time password (SecurID, UbiKey, etc), Radius) the person to the various web applications webauth is protecting.
> Is this a valid use of the eduPersonAssurance attribute?  It is not how I was thinking that this attribute would be used. 
> Thanks,
> --
> Frank Swasey                    | http://www.uvm.edu/~fcs
> Sr Systems Administrator        | Always remember: You are UNIQUE,
> University of Vermont           |    just like everyone else.
> "I am not young enough to know everything." - Oscar Wilde (1854-1900)

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list