1. A brief description of what is proposed

Allow authorised Raven users in an institution to create local logins for short-term visitors.

2. An explanation of how it would be useful

This would allow short-term visitors to use Raven-authenticated services.

3. One or more suggestions of how it could be implemented

A web form for authorised users allows registration of a local user (name, position, home institution, contact email/tel). The result is a page much like the UCS pre-arrival registration system, so the user can collect their own password.

To be really nice, Raven would need to understand that temporary users can only access pages in a specific domain... unless an institution can specify a username (chemtemp01, etc.), then an institution can add those Raven IDs to Raven access control lists. I think it would be easier if Raven did this work.

Possible solution

Not yet a detailed step-by-step description, but an outline of a solution:

  • Use Raven/Shibboleth rather than Raven/Webauth
  • Set up your own Shibboleth IdP, where you give your non-Raven users a login
  • Set up your own Shibboleth Discovery Service (DS) to select the appropriate IdP (i.e., Raven or your own)
  • Configure your Shibboleth SP to use your own DS rather than the "Ucam Federation" or the "UK federation", so that users can be directed to either the Raven IdP or your own IdP
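
Once an SP trusts two IdPs, the application behind it should tie each username to the IdP that asserted it and keep visitors inside the permitted domain, as the proposal asks. The sketch below is an added example, not part of the original page or of Raven or Shibboleth; the entityIDs, the domain and the function names are hypothetical, and it assumes the SP exports `Shib-Identity-Provider` and `REMOTE_USER` into the request environment.

```python
import re

# Constructed placeholders: take the real entityIDs from each IdP's metadata.
RAVEN_IDP = "https://raven-idp.example.org/shibboleth"
LOCAL_IDP = "https://visitor-idp.chem.example.org/shibboleth"
VISITOR_DOMAIN = "chem.example.org"          # assumed domain visitors may use
VISITOR_NAME = re.compile(r"chemtemp\d{2}")  # naming scheme from the proposal


def in_domain(host, domain):
    """True for the domain itself or a subdomain, never a look-alike suffix."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def authorise(environ):
    """Return (allowed, reason) for a request already authenticated by the SP."""
    idp = environ.get("Shib-Identity-Provider", "")
    user = environ.get("REMOTE_USER", "")
    host = environ.get("SERVER_NAME", "")
    if not user:
        return False, "no authenticated user"
    visitor_name = VISITOR_NAME.fullmatch(user) is not None
    if idp == RAVEN_IDP:
        # Raven must never be accepted for a name reserved for visitors.
        if visitor_name:
            return False, "visitor name from Raven IdP"
        return True, "Raven user"
    if idp == LOCAL_IDP:
        # The local IdP may only vouch for visitor names, so it cannot
        # impersonate a Raven user listed in an access control list.
        if not visitor_name:
            return False, "non-visitor name from local IdP"
        if not in_domain(host, VISITOR_DOMAIN):
            return False, "visitor outside permitted domain"
        return True, "visitor"
    return False, "unknown IdP"
```
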