Refeds


Subject RE: VO challenges - article
From "Jones, Mark B" <Mark.B.Jones@xxxxxxxxxxx>
Date Tue, 27 Oct 2015 16:54:30 +0000

+1

> -----Original Message-----
> From: Paul Caskey [mailto:pcaskey@xxxxxxxxxxxxx]
> Sent: Tuesday, October 27, 2015 11:33 AM
> To: Thomas Scavo <trscavo@xxxxxxxxxxxxx>; Cantor, Scott <cantor.2@xxxxxxx>
> Cc: Jones, Mark B <Mark.B.Jones@xxxxxxxxxxx>; Niels van Dijk
> <niels.vandijk@xxxxxxxxxx>; refeds@xxxxxxxxxx
> Subject: Re: [refeds] VO challenges - article
> 
> I agree with that, but would just point out that many IdPs fail to release
> attributes not because they are recalcitrant, lazy, or anything else, but that the
> culture common to many institutions (and CIOs) is that taking the risk of
> automated release (managed by a party that is legally blameless) is not
> justified by the benefits.
> 
> So, continuing to whine to IT folks about the attribute release problem isn’t
> going to fix it IMHO.  We need to address the risk/reward argument and drive
> the conversation in other administrative areas of the institution (registrars, HR,
> etc).
> 
> 
> 
> 
> 
> 
> On 10/27/15, 10:39 AM, "trscavo@xxxxxxxxx on behalf of Tom Scavo"
> <trscavo@xxxxxxxxx on behalf of trscavo@xxxxxxxxxxxxx> wrote:
> 
> >On Tue, Oct 27, 2015 at 10:04 AM, Cantor, Scott <cantor.2@xxxxxxx> wrote:
> >>
> >> IdP has a broader functional scope in SAML than just authentication. Once
> you have a proxy IdP that's doing all the real work of attributes and
> provisioning and so forth, the small bit left is easy to replace with a commodity.
> >
> >+1
> >
> >I think what you're saying (and I strongly agree) that the
> >authentication providers will whither while the attribute providers
> >will flourish.
> >
> >Tom

Attachment: smime.p7s
Description: S/MIME cryptographic signature