Frequently Asked Questions
Q: What does an Identity Provider (IdP) do?
• Allow SSO, within the institution and federation.
• Maintain user attributes while protecting privacy.
• Know the SPs in the federation, so they only send user attributes to trusted SPs.
• Allow idp administrators and individual users to control the attribute release.
• Protect web applications to only be accessed by federation idp users
• Control access to service (who can access what) based on the attributes received from an IdP, i.e. they implement attribute-based access control.
• Know the IdP in the federation, so they only accept user assertions from trusted IdP.
A: If you identity affiliation is a CARSI-idp, you can use federation shared resources under the agreement between your home idp and the visited resource. If you have no CARSI-idp identity, you can register an open-idp identity and become a federation guest user. Only parts of the shared resources can be visited by the Open-IdP users depending on the resource visiting policy.Q: How can I register an Open-IDP account?
1. visit http://carsi.edu.cn, choose to be a user.
2. select Open-IdP -& Registering an account.
3. fill in the form and submit.
4. get your account.