Hey Chris (and everyone else),
I think the next step for us is to start working on use cases and user stories for how we want authentication and authorization to work. These are some of the questions that come to mind:
* Do we want to use Shibboleth for staff login authentication? Authorization?
* Do we want to use Shibboleth for patron login authentication? (Presumably yes, but just checking...)
* Do we want to use OAUTH2 for staff? For patrons?
* What is the role for Grouper in determining authorization for Okapi endpoints?
Peter
On Mar 13, 2017, 10:16 AM -0400, Chris Manly <cam2@cornell.edu>, wrote:
I think we would definitely want to coordinate E-resource access discussions with the RM SIG and with the developers.
I’m not sensing a great clamor for a discussion this week in absence of a need for our input from Indexdata. My inclination would be to cancel this week’s call, reclaim the time for other purposes, and regroup when we have a clear topic (or questions from the developers).
Any objections?