entity descriptors from multiple registrars
Cantor, Scott
cantor.2 at osu.edu
Wed Sep 17 10:21:31 EDT 2014
On 9/17/14, 7:38 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
>Suppose a deployment consumes metadata from multiple sources such that
>its metadata store contains entity descriptors from multiple
>registrars (i.e., federations). How does Shibboleth distinguish
>metadata from different registrars?
>
>For the IdP, I think I know the answer: Install the
>mdrpi-match-idp-ext add-on on Shibboleth IdP 2.4 (or later):
>
>https://github.com/ukf/mdrpi-match-idp-ext
>
>What is the answer for the Shibboleth SP?
None for the moment. I really wasn't paying attention at the time or I
would have argued against creating a custom extension in favor of using an
entity attribute.
I think when you dig into this a little, though, the answer is that I
don't care who the registrar is, but what some particular policy is. And I
think that ought to be expressed directly rather than through implication
based on the registrar, or based on a more far-reaching policy statement
that probably includes many different things, some worth caring about and
some not.
-- Scott
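
The two approaches contrasted in this thread, as an added example that is not part of the original messages and is not Shibboleth code: Python that indexes a constructed metadata aggregate by the mdrpi:RegistrationInfo registrationAuthority and by entity attributes, so a policy can be matched on either. The entityIDs, registrar URLs, attribute name and function names are made up for illustration, and the aggregate's signature is assumed to have been verified before parsing.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Constructed sample aggregate; every entityID, registrar and value is made up.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <md:Extensions>
   <mdrpi:RegistrationInfo registrationAuthority="https://fed-a.example/"/>
   <mdattr:EntityAttributes>
    <saml:Attribute Name="https://policy.example/category">
     <saml:AttributeValue>https://policy.example/research</saml:AttributeValue>
    </saml:Attribute>
   </mdattr:EntityAttributes>
  </md:Extensions>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.net/shibboleth">
  <md:Extensions>
   <mdrpi:RegistrationInfo registrationAuthority="https://fed-b.example/"/>
  </md:Extensions>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def index_entities(xml_text):
    """Map entityID -> (registrar or None, {attribute name: set of values})."""
    out = {}
    for ed in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"]):
        ext = ed.find("md:Extensions", NS)
        reg, attrs = None, {}
        if ext is not None:
            ri = ext.find("mdrpi:RegistrationInfo", NS)
            reg = ri.get("registrationAuthority") if ri is not None else None
            for a in ext.findall("mdattr:EntityAttributes/saml:Attribute", NS):
                vals = {(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)}
                attrs.setdefault(a.get("Name"), set()).update(vals)
        out[ed.get("entityID")] = (reg, attrs)
    return out
# Policy implied by who registered the entity.
def by_registrar(index, registrar):
    return sorted(e for e, (r, _) in index.items() if r == registrar)
# Policy stated directly as an entity attribute value.
def by_entity_attribute(index, name, value):
    return sorted(e for e, (_, a) in index.items() if value in a.get(name, ()))
```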