IdPv3 and Hathitrust: how to resolve and release SAML

Peter Schober peter.schober at univie.ac.at
Mon Jul 10 13:28:54 EDT 2017


* Cantor, Scott <cantor.2 at osu.edu> [2017-07-10 19:12]:
> If the seed is cantor.2, then the stability of a persistentID based
> on that, and an EPPN of cantor.2 at osu.edu is identical (identically
> poor, that is). So the only win is the privacy gain, and while
> that's not nothing, there are too many services for which that lack
> of stability is not just a simple loss of search results. So it's
> not a good choice.

ACK, it's just the choice I see most deployers make, when presented
with the choices available.
(I.e., the ones without sufficiently mature IDM systems that can
supply and maintain a stable internal identifier that's never
re-assigned.)

Actually I may have seen more deployers worry about using cantor.2 as
left-hand side of an ePPN value (due to the privacy issue) than using
it as basis for persistent NameIDs. (Of course most of those will not
ever have had to deal with the fallout from NameID reassignment; maybe
that case is still sufficiently rare; maybe it will not even reach the
IDP admin and will be dealt with in some other way by IT support
instead, whether appropriately or not.)

-peter
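
The stability and privacy trade-off discussed in this message, as an added example that is not part of the original post and is not the IdP's own code: a persistent NameID is modelled as a salted hash over the SP's entityID and a per-user seed. The function names, salt, SP entityIDs and directory records are constructed assumptions.

```python
import base64
import hashlib

SALT = b"constructed-example-salt"  # constructed value, stands in for the IdP secret

def computed_id(sp_entity_id: str, seed: str, salt: bytes = SALT) -> str:
    """Pairwise identifier: salted hash over the SP entityID and the user's seed."""
    md = hashlib.sha256()
    for part in (sp_entity_id.encode(), b"!", seed.encode(), b"!", salt):
        md.update(part)
    return base64.b32encode(md.digest()).decode().rstrip("=").lower()

def eppn(person: dict, scope: str = "osu.edu") -> str:
    """ePPN built from the username as left-hand side."""
    return f"{person['username']}@{scope}"

# Constructed directory records: the username "cantor.2" is re-assigned to a
# different person, while the (hypothetical) internal identifier never is.
FIRST_HOLDER = {"username": "cantor.2", "internal_id": "emp-000481"}
LATER_HOLDER = {"username": "cantor.2", "internal_id": "emp-009127"}

SP_A = "https://sp-a.example.org/shibboleth"  # constructed entityIDs
SP_B = "https://sp-b.example.org/shibboleth"

def reassignment_collides(seed_attr: str, sp: str = SP_A) -> bool:
    """True if the later holder inherits the first holder's NameID at this SP."""
    return (computed_id(sp, FIRST_HOLDER[seed_attr])
            == computed_id(sp, LATER_HOLDER[seed_attr]))

def linkable_across_sps(seed: str) -> bool:
    """True if two SPs receive the same value and could correlate the user."""
    return computed_id(SP_A, seed) == computed_id(SP_B, seed)

if __name__ == "__main__":
    # Username as seed: same stability problem as the ePPN after re-assignment.
    print("ePPN collides:            ", eppn(FIRST_HOLDER) == eppn(LATER_HOLDER))
    print("NameID (username seed):   ", reassignment_collides("username"))
    # Stable internal identifier as seed: the new holder gets a new NameID.
    print("NameID (internal_id seed):", reassignment_collides("internal_id"))
    # The privacy gain: the hashed value differs per SP, unlike the ePPN.
    print("linkable across SPs:      ", linkable_across_sps("cantor.2"))
```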

