Hi,
I thought that I would like to present the extra service that I mentioned was missing from the SSO suite, and was discussed briefly between a few of us just after the session.
Use Case
Many institutions require that the user registers locally in their user database before they can interact with local services - ie a local identity is the first authorization requirement. This is likely to remain a requirement at many institutions long after a VO SSO is well established, as they will have legacy systems (proposals, archive access, etc.) that depend on the the local identity. This local identity can be mapped to the VO identity (i.e. a X509 certificate), so there is no problem with authentication. However, even if the user has a trusted VO identity, it does not contain sufficient metatdata to initially register the user locally. If the user has repeatedly to fill in the same personal details to register with every institution it makes SSO a more painful process than necessary. It is also true that astronomers (especially young ones) change their home institution quite frequently, so the process of registering metadata locally, will be relatively frequent.
Solution
A service that can provide the necessary user metadata - when registering at a new institution the user can press a "fetch my details" button on the registration form to fill in common metadata. The user then chooses where they want to source their metadata, and the relevant boxes on the registration form will be completed.
assorted observations
* The schema of the information to be passed needs to be decided
Paul Harrison
ESO Garching
www.eso.org
Received on 2007-05-18Z08:07:39