Proposed eAcademy/Shibboleth Integration - Entitlement Value Exchange
Summary
UC wishes to enable self-service electronic downloads of qualifying Microsoft products through eAcademy. One requirement is that UC campuses needs to transmit user entitlement information to eAcademy. This document proposes a mechanism through Shibboleth, particularly through the use of eduPersonEntitlement attribute values.
Proposed Entitlement Values
We propose that the participating campuses prepare specific eduPersonEntitlement values in the form of:
urn:mace:<campus>:entitlement:mcca:<software-name>
The campus' IDP asserts the above value(s) to eAcademy whenever a person qualified to download the named software package signs into eAcademy.
eAdcademy checks for the named values during each sign-in to determine the individual's right to download.
Prerequisites
- The participating campus must have a mechanism to track who is eligible to download Microsoft ware under MCCA.
- The participating campus must have a way to convert the eligibility data into eduPersonEntitlement values.
- eAcademy must be able to consume eduPersonEntitlement values at sign-in time to determine an individual's eligibility.