...
People that have an MIT Kerberos username do not need to create a Collaboration Account, such an account will provide MIT users with no new capabilities. The same is generally true for any person that has an existing account with other members of the InCommon Federation.
Touchstone Collaboration Accounts are:
- Free
- created via a simple to use web browser accessible interface
- Shibboleth Single Sign On enabled
- updateable via a self-service browser interface
- based on open standards including SAML, Shibboleth, and OpenID
Touchstone Collaboration Accounts provide the following services:
- self service user account registration and maintenance
- authentication
- self-service password management and resets
- Shibboleth/SAML attribute releases
The TouchstoneNetwork.net identity provider will perform the following attribute releases:
- HTTP_SHIB_INETORGPERSON_DISPLAYNAME, First name and last name of the registered account
- REMOTE_USER, which will be an EduPersonPrincipalName (EPPN) scoped to touchstonenetwork.net
- HTTP_SHIB_INETORGPERSON_MAIL, the email address that the user entered when registering for the account
- HTTP_SHIB_AUTHENTICATION_METHOD, which will indicate if the user used theier Touchstone password, OpenID, or Kerberos tickets to initially authenticate to the IdP.
...