Uncertainty about scopes in metadata and its relation to scoped attributes.
Mathis, Bradley
bmathis at pima.edu
Wed Jul 3 16:27:30 EDT 2019
Thank you David.
Brad Mathis
IT Principal Systems Analyst
Infrastructure Services - Applications
Pima Community College
520.206.4826
bmathis at pima.edu
On Wed, Jul 3, 2019 at 12:32 PM IAM David Bantz <dabantz at alaska.edu> wrote:
> You have other ways of distinguishing students from staff
> (eduPersonAffiliation? or make use of those mail.pima.edu addresses to
> indicate students). Ideally the services (not your identity provider)
> determine whether to provide access based on what you assert (for example
> that they are students or staff or both or neither); if some services are
> not prepared to do that correctly, then you can use those data if you like
> in attribute-filter, to release attributes conditionally (for example only
> if they are staff).
>
> David Bantz
>
> On Wed, Jul 3, 2019 at 11:24 AM Mathis, Bradley <bmathis at pima.edu> wrote:
>
>> Thanks for this feedback also. The EPPNs have started being used more
>> recently ... I'm not sure we have any systems that actually are used by
>> students e.g. EPPN of student1 at mail.pima.edu so I might could make
>> the change and not break anything. Hmm, though not sure if it might allow
>> students access to things they shouldn't have either. ... Oh boy, I better
>> think this one through a bit.
>>
>> Thanks for all the feedback.
>>
>> Brad Mathis
>> IT Principal Systems Analyst
>> Infrastructure Services - Applications
>> Pima Community College
>> 520.206.4826
>> bmathis at pima.edu
>>
>> On Wed, Jul 3, 2019 at 12:07 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
>>
>>> On 7/3/19, 3:03 PM, "users on behalf of IAM David Bantz" <
>>> users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:
>>>
>>> > Assign ePPN of student1 at pima.edu [instead of the email address] in
>>> attribute-resolver.
>>>
>>> Highly advisable, but I assumed those EPPNs were already in wide
>>> circulation so as to preclude changing them. If not, by all means, do so.
>>>
>>> -- Scott
>>>
>>>
>>> --
>>> For Consortium Member technical support, see
>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>
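
The two release patterns described in the quoted advice above, sketched as an added example for a Shibboleth IdP v3-style attribute-filter.xml (not configuration posted by anyone in this thread). The policy ids, both SP entityIDs, and the attribute ids `eduPersonAffiliation`, `eduPersonScopedAffiliation` and `eduPersonPrincipalName` are assumptions and must match what the local attribute-resolver.xml actually defines.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Entity IDs and attribute ids below are placeholders. -->
<AttributeFilterPolicyGroup id="ExampleFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- Pattern 1: the service makes the access decision itself.
         Assert the affiliation for every user and let the SP decide
         whether students, staff, both or neither get in. -->
    <AttributeFilterPolicy id="releaseAffiliationToCapableSP">
        <PolicyRequirementRule xsi:type="Requester"
                value="https://capable-sp.example.org/shibboleth" />
        <AttributeRule attributeID="eduPersonScopedAffiliation">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>

    <!-- Pattern 2: the service cannot evaluate affiliation correctly.
         Release the identifier only when the resolved affiliation
         contains "staff". A student-only user matches no policy for
         this SP, so no ePPN is released to it for that user. -->
    <AttributeFilterPolicy id="releaseEppnToStaffOnlySP">
        <PolicyRequirementRule xsi:type="AND">
            <Rule xsi:type="Requester"
                    value="https://staff-only-sp.example.org/shibboleth" />
            <Rule xsi:type="Value"
                    attributeID="eduPersonAffiliation"
                    value="staff" />
        </PolicyRequirementRule>
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>
```

Pattern 2 only withholds the attribute; whether the service then denies a login that arrives without an ePPN depends on the service, so that behaviour needs to be confirmed on the SP side before relying on it as an access control.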