...
- From both the IdP and SP side, there is a desire to minimise any overhead in terms of provisioning.
- Can this only be done through attributes? What are the other approaches we can take?
- Problem with having to invent 'hacks' to provision for unusual requests from SPs (only x number of authentications per item).
- How can we make the business logic flow to make provisioning happen? User initiated? In a federation registry.
- Is this on-the-fily / JIT?
- Can we make this happen across the whole piece or wil it always be different in different areas (library, social etc.) JISC is looking at the library piece via KB+ hook-up with the UK federation, possibly some of this working with the AAF registry, SURF look at this types of behaviours via SURF Conext. etc.
- There are no significant barriers, but we should take time to look at the pain for admins on the ground.
ACTIVITIES GOING FORWARD / NEXT STEPS
...