Tuesday, June 14, 2005

Shibboleth and Groups

In the world of Shibboleth, when you have been authenticated and visit a resource, various bits of information can be released to the provider of that resource to help it decide whether to allow you access. One bit of information that people are keen on mentioning when talking about this situation is the groups that you are a member of, so that a provider can have a rule such as "only allow in people from Hull University who are studying Maths". But how does the provider know which group represents the people studying Maths? Does the group include staff members as well? It seems that in the world of Shibboleth there needs to be a group discovery mechanism so that a resource provider can discover which group provides the appropriate set of people.