[ogsa-authn-bof] Shibboleth/Grid Namespace mapping for SWITCH SLCS
Tom Scavo
trscavo at gmail.com
Tue Feb 13 20:24:20 CST 2007
On 2/13/07, Von Welch <vwelch at ncsa.uiuc.edu> wrote:
>
> As I see it, your uniqueInt is equivalent to my suggested use of a
> targetedId - it's a globally unique, permanent user identifier.
> Yours is scoped to the SWITCH federation as opposed to ePTID which
> is scoped to the recipient, but I'm not sure that matters.
Just to muddy the waters a little bit, if the right policy is in
place, the software will support ePTID scoped to a federation.
However, if the federation is large, there's no point in doing that
since then the ePTID looks like a globally unique identifier. The
tendency will be to keep federations (or "affiliations" as they're
called in SAML V2.0) small. In fact, SWITCH is a good example of a
"small" federation for which ePTID scoped to an affiliation of SPs
makes sense.
Tom