entity descriptors from multiple registrars

Cantor, Scott cantor.2 at osu.edu
Thu Sep 18 11:56:27 EDT 2014

On 9/18/14, 11:47 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
>> Having thought about this over lunch, I'm guessing that your assumption
>> is, given you have to be a US academic institution to register an IDP in
>> InCommon, that an InCommon IDP authentication authorizes the principal
>> as someone who is a US academic researcher?
>Yes, basically.

But that's just not the case.

>>Would it be possible to accept a *.edu scope in an affiliation attribute
>> to identify US registered academic principals?
>Maybe. An entity attribute would be better, but like Scott says, we
>need to better understand the use case.

No, you need a *user* attribute. This isn't about the IdP at all.

-- Scott

More information about the users mailing list