Grouper Users - Open Discussion List

[Peter Schober <>]

* Chris Hyzer 
<>
 [2012-02-23 15:11]:
> So... if you have a situation where a person has multiple netIds,
> then you need to decide if any one of the Ids can get access to the
> same services, or are you securing different services to different
> netIds.  I would think generally the security is to the person,
> where you don't care which netId, but maybe there is a use case for
> the other way around.  If you want different netIds to have
> different access, then each netId would relate to a subject (either
> as subjectId or different person ids or whatever).  If you want them
> all tied together to the person, then any netId would resolve as a
> subject identifier to the same opaque subject id, that should be
> fine.

Right.

For historic reasons we give out one account/netid per role (student,
faculty/staff) and people have learned to make creative use of that
and depend on that "feature" (switching roles by switching accounts;
of course the number of people doing this on purpose probably equals
or is less to the number of those who are being refused access because
they used the wrong account by mistake).

Anyway, not having a unique persistent identifier per person
(introduction of which would be a major task, since it involves many
offices outside IT) using the netid (or generating another random id
per netid) seems to be easy enough.

Thanks,
-peter