[IDM] eduPersonAssurance usage

Francis Swasey Frank.Swasey at uvm.edu
Tue Feb 26 13:03:39 EST 2013


are you willing/able to share the LDAP attribute definition with me?

- Frank

On Feb 26, 2013, at 12:09 PM, "Curry, Warren" <whcurry at UFL.EDU> wrote:

> At UF we created a local attribute for this use and treat it as an attribute and I think Penn St. has a similar Idea.  Likely others.  
> You could call the institutional  auth level /method  ... 
> Keith is correct here that the eduPersonAssurance with respect to InCommon levels of assusrance is in the Authentication Context not attribute handling.    
> See the assurance wiki at InCommon for info.. 
> Warren H. Curry
> UFIT - Identity Access Management
> PO Box 113359,  2008 NE Waldo Rd
> 352-273-1383 
> Have a great day!!!
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Keith Hazelton
> Sent: Tuesday, February 26, 2013 10:16 AM
> To: Identity Management Constituent Group Discussion list
> Cc: Shibboleth Users
> Subject: Re: [IDM] eduPersonAssurance usage
> The recommended way to do this in SAML (Shib etc) is with Authentication Context, not as an attribute in the SAML attribute assertion.   --Keith
> ____________
> On Feb 26, 2013, at 09:13:40, Francis Swasey wrote:
>> I am being asked to approve the usage of the eduPersonAssurance attribute to tell our webauth implementation how it should authenticate (which process - simple password, one-time password (SecurID, UbiKey, etc), Radius) the person to the various web applications webauth is protecting.
>> Is this a valid use of the eduPersonAssurance attribute?  It is not how I was thinking that this attribute would be used. 
>> Thanks,
>> --
>> Frank Swasey                    | http://www.uvm.edu/~fcs
>> Sr Systems Administrator        | Always remember: You are UNIQUE,
>> University of Vermont           |    just like everyone else.
>> "I am not young enough to know everything." - Oscar Wilde (1854-1900)
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list