On 08/04/2019, 15:37, "FIM4L on behalf of Gragert, Gerrit" <fim4l-bounces@lists.daasi.de on behalf of gerrit.gragert@sbb.spk-berlin.de> wrote:
Hi Folks,
Welcome Gerrit!
… But our library's view might be slightly different from other libraries, i.e. at universities: although we have a lot of patrons, we do not have "associated scientist" at our institution. Most of our patrons already have a (federated) identity at their home organization, so it would break up single-sign-on if we supply them with a second identity in the federation. Therefore, I'm interested in secure and privacy-preserving ways to provide entitlements and other attributes to our services as well as third-party service-providers / end-services for those of our patrons who have an identity somewhere else.
I wonder whether the Attribute Aggregation feature of the Dutch SURFconext identity hub is basically addressing that kind of problem (not sure how easy that is to arrange for in non-hub-and-spoke federations). Any identity and attribute set can be augmented with more attributes via attribute providers that get looked up at the moment an authentication happens… We have some documentation at https://wiki.surfnet.nl/display/surfconextdev/Attribute+Aggregation and a case where it is used described at https://blog.surf.nl/en/ordering-and-reading-with-estudybooks-is-easy-and-sa....
Kindest regards,