shibboleth-dev - Re: TargetedID Durability
- From: "David L. Wasley" <>
- To:
- Subject: Re: TargetedID Durability
- Date: Mon, 1 Aug 2005 09:03:08 -0700
Chad,
-----
At 7:48 AM -0400 on 8/1/05, Chad La Joie wrote:
> Here at GU we will need a good audit trail so we'll have to have the history of prior IDs kept. Personally I would like to see them kept in the same database (as opposed to a file somewhere) that the ePTIDs are maintained in; it just makes it easier, I think, to operate on them programmatically.

Which entity needs the audit trail - the IdP or the SP? Or is the IdP supposed to support the SP in this way? Or ...?
I think that any SP that cares what physical person is doing what should ensure that they have a persistent representation of that person. For example, a permanent ID (not only never reassigned but that will always be actively associated with the individual). By the same token, I think that one reason for a person to change ePTIDs occasionally is to break that association, for whatever personal reason. Thus I don't like the idea that the IdP might try to keep a complete dossier of ePTIDs used by each IdP Subject.
Take the case of a researcher using on-line licensed resources with "sensitive" information. S/he might use ePTIDs to dissociate searches to avoid sequential association of one search session with a subsequent one. S/he wants and expects anonymity.
I think the burden of "audit trail" belongs on the service provider (and in a sense the IdP is also a SP to its users). If there is a reason to know a particular person's actions, and the person is aware of that need, then a changeable ePTID is not an appropriate identifier to use with that SP.
David