Peter Schober peter.schober at univie.ac.at
Mon Apr 29 11:57:26 CEST 2019

* Koren, Meshna (ELS-AMS) <M.Koren at elsevier.com> [2019-04-29 10:11]:
> As an SP, we would like to keep access authorization and usage
> statistics use cases separate.

I think we all agree on this and just because the discussion moved
from one to the other doesn't mean anyone suggested differently.

> The main reason for that is that all authorization attributes must
> be configured by our teams, in advance, in our systems

Well, not if SPs adopted the "common-lib-terms" entitlement value
approach, at least optionally (i.e., checking that first and then
falling back to whatever else they support) -- that's invariant and
the same for everyone.
What always needs to be configured is whether an institution is a
(paying) customer, of course. We can't take that away from you as
otherwise anyone could just self-assert to be a customer of yours. ;)

> But for non-academic customers such as government or medical that's
> different, and even more so for the corporate world. The corporate
> world is moving onto SAML-based authentication fast. They are driven
> by different rules (and software limitations) and of course you may
> ask why should you care... but for us it would have been simpler if
> these same schemas and recommendations worked for them, too. It
> would have been useful to be able to point them and/or their
> software vendors to such documents rather than trying to explain to
> them how the (rest of the) world works.

If you have concrete suggestions or problem statements about the
status quo we can certainly try to suggest or agree on something.
The above doesn't really help me do that, yet.

> But again - authorization and statistic are two different use cases.
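
The check order described in the reply above (customer status configured at the SP, then "common-lib-terms" first, then a fallback), as an added example that is not part of the original message. It assumes attributes arrive as name-to-list-of-values from an already validated SAML assertion; the customer table, the legacy rule format and the function name are hypothetical, and the URN is the full eduPersonEntitlement value commonly used for common-lib-terms.

```python
# Added example; the names and sample data below are illustrative assumptions.
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"
ENTITLEMENT_ATTR = "eduPersonEntitlement"

# SP-side configuration (constructed sample data): which IdPs are paying
# customers, plus an optional per-customer legacy rule used as a fallback.
CUSTOMERS = {
    "https://idp.uni-a.example/idp": {"legacy_rule": None},
    "https://idp.corp-b.example/saml": {
        "legacy_rule": ("department", {"research", "library"}),
    },
}


def authorize(idp_entity_id, attributes, customers=CUSTOMERS):
    """Return (allowed, reason) for one authenticated SAML assertion.

    idp_entity_id must be the issuer of the validated assertion, never an
    attribute value, so that nobody can self-assert customer status.
    """
    customer = customers.get(idp_entity_id)
    if customer is None:
        return False, "issuer is not a configured customer"

    # Step 1: the invariant value, identical for every customer.
    if COMMON_LIB_TERMS in attributes.get(ENTITLEMENT_ATTR, []):
        return True, "common-lib-terms"

    # Step 2: fall back to whatever was configured for this customer.
    rule = customer["legacy_rule"]
    if rule is not None:
        name, accepted = rule
        if accepted.intersection(attributes.get(name, [])):
            return True, "legacy rule on " + name

    return False, "no matching entitlement or legacy rule"
```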


