interfed - Re: [inc-interfed] Updated shibboleth.net use case
Subject: Interfederation
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: Re: [inc-interfed] Updated shibboleth.net use case
- Date: Wed, 5 Jun 2013 16:44:17 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport02.merit.edu; dkim=neutral (message not signed) header.i=none
On 6/5/13 2:45 AM, "Scott Koranda"
<>
wrote:
>
>Do you have a more reliable source of name and email than the IdPs? Is
>the more reliable source self-asserted values?
No. We would have prevented confluence and jira from even letting users
set them, but we *do* overwrite them with blanks every time a user logs in.
This is where ePTID becomes a nuisance. In these apps, if there's no name
set, it just displays the underlying username. When that's EPPN, things
work reasonably well. So I believed the lesser of evils was to keep name
from being set as much as I could.
I recalled doing the same for email, but I'm misremembering. We're not
blocking that, because it doesn't show up in the UI the same way and
wouldn't be an impersonation issue.
-- Scott
- [inc-interfed] Updated shibboleth.net use case, Cantor, Scott, 06/04/2013
- Re: [inc-interfed] Updated shibboleth.net use case, Scott Koranda, 06/05/2013
- Re: [inc-interfed] Updated shibboleth.net use case, Cantor, Scott, 06/05/2013
- Re: [inc-interfed] Updated shibboleth.net use case, Scott Koranda, 06/05/2013
Archive powered by MHonArc 2.6.16.