
inc-lib-vendor - Re: Entitlement Best Practices :was [InC-Lib-Vendor] Re: scheduling meeting times

Subject: InC-Lib-Vendor

  • From: Andy Ingham <>
  • To: Kent Percival <>
  • Cc:
  • Subject: Re: Entitlement Best Practices :was [InC-Lib-Vendor] Re: scheduling meeting times
  • Date: Tue, 15 Dec 2009 12:20:16 -0500

FWIW, I'm now down to 4 authos that are active for FirstSearch for UNC-CH. I'm not even sure I want to ask my IdP yet about setting up a new entitlement for just ONE of these, let alone *4*.

My (perhaps naive) hope was that this could not only get filtered down to a SINGLE autho but that that autho could be re-engineered to map to the common-lib-terms entitlement.

I agree with Kent that this may not be feasible for some very legitimate reasons.

Either way, I suspect that we won't be getting OCLC set up with Shib directly any time soon.

Andy

Kent Percival wrote:
David Kennedy wrote:
It doesn't make sense to me to have our identity provider release multiple
entitlement values for the same set of users for the same service
provider. And I am fairly certain that our identity provider wouldn't
agree to do this. ...

Obviously it makes sense to work on business relationship details to avoid
technical complexity. However, from an implementation perspective, one should
expect that those business relationships aren't always going to resolve to the
simplest implementation. There are lots of reasons why multiple entitlement
values may apply to the same set of users, including the potential that two
highly overlapping community groups are actually being targeted. There are also
more technical reasons for this situation, including transition to newer
entitlement values because of technical improvements or overlapping contracts.

In general, I would not want the IdP owner to make these decisions solely on
service policy. IdPs need to be more flexible but also engaged in discussions
influencing implementation details of the business contracts. The reality is
that often a compromise is necessary!

However, this team's current effort is also on finding Best Practices that avoid
a plethora of entitlement values unique to user subsets and specific vendor
services. My hope is that business arrangements (contracts) could be better
tailored to identify more generic campus community groups (students, undergrads,
alumni, ...) so that vendors could better utilize our existing attributes in
their access control policies. Transferring access control filtering to the
IdP, resulting in a complex entitlement value problem, is not in the best
interests of the federated model.
....Kent




