InC-Lib-Vendor

[Andy Ingham <>]

Vendor subgroup --

A document from the NISO SSO group that Dave Kennedy and I are on is 
referenced in the forwarded message below.  In that document (which I 
realize some of you won't be able to access) there is the following 
transcript of part of the discussion:

"
Steve [Carmody]: ... We shouldencourage publishers to
adopt support for Personalization via  the targetedID attribute.

...

Nicole [Harris]: Publishers often ask for principal name for 
personalization when
they should use targetedID instead. Publishers should not handle
personal data. We explain why targetedID is preferred. Most are using
affiliation and targetedID.
"



I thought it was interesting, given what we've written into our best 
practices document 
(https://spaces.internet2.edu/display/inclibrary/Best+Practices ):

"While the eduPersonEntitlement should be the initial focus for making 
Shibboleth Single Sign On feasible on a wide-spread basis, it does not 
provide the user specificity necessary for enhanced services such a 
personalization.

For such personalization, we recommend use of either the 
eduPersonPrincipalName OR eduPersonTargetedID attributes.  In large 
part, the decision point between these two choices is weighing the 
relative importance of privacy vs interoperability.  The former tends to 
provide more human-friendly identification of an individual (e.g, 
 VS. kl83HlsnblqYskgh72Kfqkl) and therefore it 
will likely be preferred for use across multiple vendors / resources. 
By identifying an individual in a more human-readable way, however, 
might elicit greater privacy concerns.  In either case, it is important 
to realize that the identifier will still UNIQUELY identify a given 
individual."


We may want to think about altering what we've got in the BestPractices 
document based on this, as it sounds as if the community of libraries 
and publishers is tipping the scales toward TargetedID.


Thoughts?


Andy


-------- Original Message --------
Subject:        [NISO sso] Groups - Notes from call on March 19, 2010
(FedPubRels.doc) uploaded
Date:   30 Mar 2010 05:23:51 -0700
From:   Heather Staines <>
To:     



A new document has been submitted to the National Information Standards
Organization: SSO Authentication document repository.
Document: Notes from call on March 19, 2010 (FedPubRels.doc)
Workgroup: SSO Authentication
Folder: Publisher-Federation Issues
Submitter: Heather Staines

Link: View Document Details
<http://www.niso.org/apps/org/workgroup/sso/document.php?document_id=3761>
Link: Download Latest Revision
<http://www.niso.org/apps/org/workgroup/sso/download.php/3761/latest/FedPubRels.doc>

Document Description:
Notes from preliminary telephone call including libraries, publishers, and
federations.