entity descriptors from multiple registrars

Cantor, Scott cantor.2 at osu.edu
Wed Sep 17 10:21:31 EDT 2014

On 9/17/14, 7:38 AM, "Tom Scavo" <trscavo at gmail.com> wrote:

>Suppose a deployment consumes metadata from multiple sources such that
>its metadata store contains entity descriptors from multiple
>registrars (i.e., federations). How does Shibboleth distinguish
>metadata from different registrars?
>For the IdP, I think I know the answer: Install the
>mdrpi-match-idp-ext add-on on Shibboleth IdP 2.4 (or later):
>What is the answer for the Shibboleth SP?

None for the moment. I really wasn't paying attention at the time or I
would have argued against creating a custom extension in favor of using an
entity attribute.

I think when you dig into this a little, though, the answer is that I
don't care who the registrar is, but what some particular policy is. And I
think that ought to be expressed directly rather than through implication
based on the registrar, or based on a more far-reaching policy statement
that probably includes many different things, some worth caring about and
some not.

-- Scott
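Added example, not part of the original message and not Shibboleth code: a Python sketch that reads each entity descriptor's `mdrpi:RegistrationInfo` registrar and its `mdattr:EntityAttributes` tags, then selects entities either by registrar or by a policy expressed directly as an entity attribute. The entity IDs, registrar URLs, attribute name and value, and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample metadata: two entities from two made-up registrars.
SAMPLE = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://sp1.example.org/sp">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://registrar-a.example"/>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="https://example.org/attr/policy">
          <saml:AttributeValue>https://example.org/policy/vetted</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/sp">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://registrar-b.example"/>
    </md:Extensions>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def describe(xml_text):
    """Map entityID -> (registrationAuthority or None, set of (attr name, value))."""
    out = {}
    for ed in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"]):
        ri = ed.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        tags = set()
        for attr in ed.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            for val in attr.findall("saml:AttributeValue", NS):
                tags.add((attr.get("Name"), (val.text or "").strip()))
        out[ed.get("entityID")] = (ri.get("registrationAuthority") if ri is not None else None, tags)
    return out

def select_by_tag(entities, name, value):
    """Entities that carry the policy tag directly, whoever registered them."""
    return sorted(e for e, (_, tags) in entities.items() if (name, value) in tags)

def select_by_registrar(entities, registrar):
    """Entities selected by implication from their registrar."""
    return sorted(e for e, (ra, _) in entities.items() if ra == registrar)
```
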
