
Hi Jiri,
On 2019-05-09 10:54, Jiri Pavlik wrote:
> Hoping that everyone is fine with simplified FIM4L recommendations wrap up:
>
> Libraries, universities
> - Register Identity provider in eduGAIN.
> - Support GEANT Data protection Code of Conduct.
> - Release following set of attributes: pairwise-id, eduPersonEntitlement, eduPersonScopedAffiliation according to requested attributes in Service provider metadata
>
> Licensed e-resources providers
> - Register Service provider in eduGAIN.
> - Support GEANT Data protection Code of Conduct.
> - Required attributes: pairwise-id, eduPersonEntitlement, optionally eduPersonScopedAffiliation (not advised)
> - Use eduPersonEntitlement attribute for authorisation, optionally eduPersonScopedAffiliation (not advised)
> - Use well defined 'urn:mace:dir:entitlement:common-lib-terms' eduPersonEntitlement attribute value for "whole-institution"-level authorisation.
> - Support AARC Guidelines on expressing group membership and role information for "below-whole-institution"-level authorisation.
>
> Remarks
> Service providers could request name (displayName or givenName and sn) and mail attributes in metadata as optional. Identity Providers should release name and mail only to trusted Service Providers. Service Providers could ask user for name and mail if it is not provided by Identity Provider and it is needed for personalisation features. Usage of schacLocalReportingCode attribute is recommended for statistics purposes once it is well defined.

simplified as a summary for this email or do you intend to update the draft accordingly? In the latter case I wouldn't support that because the anonymous access (no pairwise-id, just a transient ID) is missing.
Best regards, Bernd
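
The following is an added example, not part of either message and not FIM4L code. It sketches a Service Provider check in which authorisation rests on eduPersonEntitlement while pairwise-id is used only for identification, so a session without pairwise-id (the anonymous case raised above) is still authorised but gets no persistent user key. The function name `decide`, the use of friendly attribute names as dictionary keys, the group entitlement value and all sample values are assumptions made for the example.

```python
import re

COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"
# pairwise-id syntax (uniqueID@scope) as defined in the OASIS SAML V2.0
# Subject Identifier Attributes Profile; values compare case-insensitively.
PAIRWISE_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9=-]{0,126}@[A-Za-z0-9][A-Za-z0-9.-]{0,126}")

def decide(attrs, group_entitlement=None, allow_affiliation=False):
    """Hypothetical SP-side decision; attrs maps attribute name -> list of values."""
    entitlements = set(attrs.get("eduPersonEntitlement", []))
    affiliations = attrs.get("eduPersonScopedAffiliation", [])
    # Whole-institution access needs common-lib-terms; below-whole-institution
    # access needs the specific group entitlement the resource is bound to.
    needed = group_entitlement or COMMON_LIB_TERMS
    if needed in entitlements:
        basis = "entitlement"
    elif (allow_affiliation and group_entitlement is None
          and any(v.lower().startswith("member@") for v in affiliations)):
        basis = "affiliation"  # optional fallback, marked "not advised" above
    else:
        basis = None
    # Identification is decided separately: exactly one well-formed pairwise-id
    # yields a stable key for personalisation; otherwise the session is anonymous.
    ids = [v for v in attrs.get("pairwise-id", []) if PAIRWISE_RE.fullmatch(v)]
    user_key = ids[0].lower() if len(ids) == 1 else None
    return {"authorized": basis is not None, "basis": basis, "user_key": user_key}

# Constructed sample attribute sets (not taken from any real IdP).
GROUP = "urn:example:library:group:law-faculty"  # constructed placeholder value
IDENTIFIED = {"pairwise-id": ["7KQ2M5XW3H@example.org"],
              "eduPersonEntitlement": [COMMON_LIB_TERMS]}
ANONYMOUS = {"eduPersonEntitlement": [COMMON_LIB_TERMS]}
NO_ENTITLEMENT = {"pairwise-id": ["7KQ2M5XW3H@example.org"],
                  "eduPersonScopedAffiliation": ["member@example.org"]}

if __name__ == "__main__":
    for name, sample in [("identified", IDENTIFIED), ("anonymous", ANONYMOUS),
                         ("no entitlement", NO_ENTITLEMENT)]:
        print(name, decide(sample))
```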