entity descriptors from multiple registrars

[Andy Bennett]

Hi,

> I definitely have use cases: two NSF-funded R&S SPs where the NSF
> dollars are intended to be used for US research, exclusively. My need
> is real and immediate. Without a solution, extending our local
> implementation of R&S to the international research community is
> essentially blocked.

Having thought about this over lunch, I'm guessing that your assumption
is, given you have to be a US academic institution to register an IDP in
InCommon, that an InCommon IDP authentication authorizes the principal
as someone who is a US academic researcher?


Given that those SPs don't want to serve principals from other
federations, why can't you use the InCommon metadata only in the SP
configuration?


Would it be possible to accept a *.edu scope in an affiliation attribute
to identify US registered academic principals?


How strict do you need to be? Would it suffice to have a self
certification during first login?





Regards,
@ndy

-- 
andyjpb at knodium.com
http://www.knodium.com/