entity descriptors from multiple registrars
cantor.2 at osu.edu
Thu Sep 18 11:56:27 EDT 2014
On 9/18/14, 11:47 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
>> Having thought about this over lunch, I'm guessing that your assumption
>> is, given you have to be a US academic institution to register an IDP in
>> InCommon, that an InCommon IDP authentication authorizes the principal
>> as someone who is a US academic researcher?
But that's just not the case.
>>Would it be possible to accept a *.edu scope in an affiliation attribute
>> to identify US registered academic principals?
>Maybe. An entity attribute would be better, but like Scott says, we
>need to better understand the use case.
No, you need a *user* attribute. This isn't about the IdP at all.
More information about the users