
...

In the federated scenario, usernames are often supplied by Shibboleth to consuming applications in a form that includes a security domain qualifier, e.g. 'smithj@example.org', as recommended by the eduPerson specification's eduPersonPrincipalName. Using this scoped principal name directly as the Blackboard username is a possibility. However, many or most existing Blackboard deployments use unscoped usernames for existing local users.

To allow both existing local users and new federated, non-local users within a given Blackboard deployment, an option would be supplied to map the Shibboleth-supplied principal name to the username that will be used by Blackboard. A plugin class that implements a defined interface and performs the translation according to an institution's local requirements could be supplied in the Blackboard config.
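A sketch of such a mapping plugin, added here as an illustration and not taken from Blackboard or Shibboleth code. The interface `PrincipalNameMapper`, the class names, and the allowed character sets are hypothetical; it assumes existing local usernames never contain '@', so that a federated user from another domain cannot be mapped onto a local account.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical interface: the page proposes one but does not define it.
interface PrincipalNameMapper {
    /** Returns the Blackboard username for a Shibboleth-supplied principal name. */
    String toBlackboardUsername(String principalName);
}

// Strips the scope only for the institution's own domains. Federated users keep
// the full scoped name, so "smithj@partner.example" is never treated as the
// local "smithj" (assumes local usernames contain no '@').
final class LocalScopeMapper implements PrincipalNameMapper {
    // Conservative character sets (an assumption, not taken from eduPerson).
    private static final Pattern LOCAL_PART = Pattern.compile("[a-z0-9._-]{1,64}");
    private static final Pattern SCOPE = Pattern.compile("[a-z0-9-]+(\\.[a-z0-9-]+)+");
    private final Set<String> localScopes;

    LocalScopeMapper(Set<String> localScopes) {
        this.localScopes = Set.copyOf(localScopes);
    }

    @Override
    public String toBlackboardUsername(String principalName) {
        if (principalName == null) {
            throw new IllegalArgumentException("no principal name supplied");
        }
        // Lower-casing is a local choice so that one person maps to one account.
        String name = principalName.toLowerCase(Locale.ROOT);
        int at = name.indexOf('@');
        // Exactly one '@' with text on both sides; anything else is rejected.
        if (at <= 0 || at != name.lastIndexOf('@')) {
            throw new IllegalArgumentException("principal name is not scoped");
        }
        String user = name.substring(0, at);
        String scope = name.substring(at + 1);
        if (!LOCAL_PART.matcher(user).matches() || !SCOPE.matcher(scope).matches()) {
            throw new IllegalArgumentException("unexpected characters in principal name");
        }
        return localScopes.contains(scope) ? user : name;
    }
}

public class MapperDemo {
    public static void main(String[] args) {
        PrincipalNameMapper m = new LocalScopeMapper(Set.of("example.org"));
        System.out.println(m.toBlackboardUsername("smithj@example.org"));     // local scope
        System.out.println(m.toBlackboardUsername("smithj@partner.example")); // federated scope
    }
}
```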

...

  • Deny - The user is denied access to the Blackboard system.
  • Create - The user is created within the Blackboard system based on Shibboleth-supplied attribute data.
  • Provision - The user is both created within Blackboard (if necessary) and provisioned into courses based on Shibboleth-supplied attribute data.

...

  • Would local policy allow enrollments to be provisioned solely on the basis of information asserted by a user's home IdP?
  • Would enrollments need to be verified against local systems of record, such as registrar data or the Student Information System?
  • Need for agreement between Identity Providers and the Blackboard hosting institution on the exact manner in which courses are represented and asserted by the IdP. Is there a need to support different representations on an IdP-specific basis?
  • Are users auto-deprovisioned in any manner, such as when the attribute data states that they are no longer in a particular course (could be dangerous...), or after a certain period of time?

Additional Issues and Questions

  • Is there a need to support both Shibboleth authentication and other mechanisms (e.g. LDAP) simultaneously?
    • Possibly differentiated along the lines of local users vs. non-local/federated users
  • Some Blackboard components are not web based and assume/require the use of a username and password. What are the options for handling these for federated users?