This guide is designed to give you an outline to a mini project for setting up devolved constraints or devolved entitlements. The guide starts by introducing some key terminology, then presents a list of steps that a mini project to set these up might require.
Introduction
The following terms are frequently used and are often easy to confuse…
-
Devolved authentication
This is the process of Talis Aspire talking to your institution’s Identity Provider (IDP). This is how you log into Talis Aspire. Talis Aspire uses a protocol called SAML2 to have a conversation with your IDP. It is during this conversation that the Entitlements and Constraints are passed to Talis Aspire in the
eduPersonEntitlement
attribute. -
Devolved Entitlements (sometimes referred to as Enrolments)
These apply to Students, and are a list of modules on which the student is enrolled. Supplying this list of modules enables the Print/Download functionality of Talis Aspire Digitised Content, and will flag lists in Talis Aspire Reading Lists as ‘enrolled’.
An example of an entitlement value might look something like this.
ABC123 DEF456 GHI678
-
Devolved Constraints
These apply to staff, and are one or more roles which define what permissions a user might have to create and edit data in Talis Aspire Reading Lists.
See the documentation linked to in the mini project outline below for more on this, but an example of a devolved constraint might be something like this:
http://lists.university.ac.uk/constraints?role=listpub&scope=ABC123&scope=DEF456&scope=GHI678
Mini project
- Identify whether you want to setup Entitlements, or Constraints or Both
- Constraints are mainly used in Talis Aspire Reading Lists to give permissions to users to create or edit lists.
- Entitlements are mainly used in Talis Aspire Digital Content
- Both - As the actual process is similar, you might find it efficient to setup both at the same time.
- Identify the staff who will need to be involved in this project:
- Someone who knows your authentication system
- Someone who knows your registry system
- Someone who knows your Learning Management System
- Someone who knows your Talis Aspire system
- Identify a source of truth:
- Entitlements - you need to know which students are enrolled on which modules (your registry or Learning Management System might know this already).
- Constraints - you need to know which staff are associated with which modules (your Learning Management System might know this already).
- Work to make the source data available to your authentication system.
- Release the
eduPersonEntitlement
attribute to Talis Aspire from your IDP.- You can release this multiple times if you need to send to Talis Aspire both entitlements and constraints, or wish to send more than one constraint.
- If you are in the Tuakiri Federation (New Zealand), then please contact Talis Support. We have an additional task to ensure that the attribute will be recognised.
- Test:
- When you have logged into Talis Aspire, you can use the following url to inspect what attributes Talis Aspire has received from your IDP: https://rl.talis.com/3/TENANCY/user_debug (change the TENANCY part of the URL to your own Talis Aspire tenancy code. Canadian Universities should use https://rl.ca.talis.com/3/TENANCY/user_debug)
- You're all done!