multiple entity ID in shibboleth IdP

Etienne Dysli Metref etienne.dysli-metref at switch.ch
Thu Nov 11 14:53:46 UTC 2021


On 10.11.21 08:01, Noriyuki TAKEI wrote:
> Can I have multiple entity IDs in the same Shibboleth IdP? For
> example, I'd like to have 2 entity IDs
> (https://idp.example1.org/idp/shibboleth , 
> https://idp.example2.org/idp/shibboleth) in one IdP.

If you hack it enough, yes. ;) See my presentation on this topic at
TNC19 [1,2].

> SWITCH edu-ID: How to spoof Identity Providers
> 
> In this presentation, we present new developments of the SWITCH
> edu-ID service during the last two years. As presented earlier, the
> key aspect of edu-ID is to tie the identity, i.e. the account and
> its associated information, to the person using it instead of to the
> organisation providing it. Thus the identity can span multiple
> relationships with academic institutions, the latter only adding (and
> later removing) attributes to the account that describe the person's
> affiliation with the institution. Hence, edu-ID introduces a more
> comprehensive long-term identity schema with personal attributes
> provided by users themselves and affiliation attributes provided by
> organisations. These "attribute sets" have varying sources and
> degrees of quality. How can they be managed, kept up to date, deleted
> and transmitted to services that use them? These are the challenges
> our developments address, with a strong penchant for backward
> compatibility and minimisation of changes for existing services.

Cheers,
   Etienne

[1] https://tnc19.geant.org/video-archive/#s54 sessions "10B Trust and
Security for Students"
[2] https://tnc19.geant.org/programme/#Wednesday