Problem
...
Statement
- Context-setting diagram
...
Use Cases
...
- User A goes to a wiki tool via an LMS front end. User B goes directly to the wiki tool. The first implies support for delegation on both the LMS front end and the wiki tool. The latter implies a standard web browser SSO mechanism, such as protecting the wiki with a Shibboleth SP.
- The reality of applications in the cloud dealing with multi-identity. (Chuck is investigating an interface wrapper around the tool. Make it work with 2 models: a Java tool on the JVM, or a PHP tool in a PHP hosting environment.)
- User goes to a front end (e.g., a portal) that requests data on the user's behalf (server to server).
- Cf. CAS delegated credential. CAS doesn't work in the federated environment.
...
Solution Possibilities
...
- User begins at an unprotected URL and at some point may click on a SAML-protected URL, at which point they will be asked to authenticate (lazy session model?).
Other considerations
...
- Tool needs to understand Global Identity
- Implies having a unique, persistent identifier for both the IdP and the user; may imply account linking such that a person can authenticate by more than one IdP and still be recognized as the same individual
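
The identifier and account-linking requirement above, sketched as an added example (not code from this page or from any tool it mentions). The class names, the entityID URLs and the subject values are assumptions made for illustration: the local account is keyed on the pair (IdP, persistent user identifier), and a second IdP identity is attached only to the account of an identity that has already logged in.

```python
import uuid
from dataclasses import dataclass

@dataclass(frozen=True)
class FederatedId:
    idp_entity_id: str  # identifier of the asserting IdP (e.g. its SAML entityID)
    subject_id: str     # persistent identifier that IdP issued for the user

class IdentityStore:
    def __init__(self):
        self._links = {}  # FederatedId -> local account id

    def resolve(self, fid):
        """Return the local account for an (IdP, subject) pair, creating it on first login."""
        return self._links.setdefault(fid, str(uuid.uuid4()))

    def link(self, authenticated, additional):
        """Attach a second IdP identity to the account of an identity that has already logged in."""
        if authenticated not in self._links:
            raise PermissionError("no account for the authenticated identity")
        account = self._links[authenticated]
        if self._links.get(additional, account) != account:
            raise ValueError("identity is already linked to a different account")
        self._links[additional] = account
        return account

def demo():
    # Constructed sample values; the entityIDs and subject ids are placeholders.
    a = FederatedId("https://idp.campus-a.example/shibboleth", "u-1001")
    b = FederatedId("https://idp.campus-b.example/shibboleth", "u-1001")
    store = IdentityStore()
    first = store.resolve(a)
    collision = store.resolve(b)  # same subject string, different IdP
    linked_store = IdentityStore()
    account = linked_store.resolve(a)
    linked_store.link(a, b)       # user proves control of both identities
    return first != collision, linked_store.resolve(b) == account

if __name__ == "__main__":
    print(demo())
```

The same subject string from two different IdPs resolves to two separate accounts until the identities are explicitly linked, which is why the IdP identifier has to be part of the key.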