Shibboleth Developers

["David L. Wasley" <>]

Spencer,  I think there is a better way to do this.  First of all, 
you won't (I believe) get an ePTID since there is no need to identify 
a person beyond "member of the community".  However, you will get a 
transaction ID (I assume - right?) and that can be sent back to the 
IdP for correlation with the IdP's logs.

        David

-----
At 2:02 PM -0400 on 8/1/05, Spencer W. Thomas wrote:

> Here's a "counter" use case:
>
> JSTOR expects that its participating institutions (IdP's in this 
> context) will generally have the capability to identify the 
> individuals who are engaging in practices that violate the terms of 
> the JSTOR license agreement. A specific example of such violation is 
> downloading a complete issue of a journal. If we detect such 
> activity, then we expect that we will have information that we can 
> provide back to the institution, such that they can identify the 
> individual and discourage them from repeating the prohibited 
> activity. We do not expect that they will tell us who the individual 
> is, just that they have taken steps to prevent that person from 
> engaging in such activity in the future.
> [...]