entity descriptors from multiple registrars

Cantor, Scott cantor.2 at osu.edu
Wed Sep 17 12:13:21 EDT 2014

On 9/17/14, 11:58 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
>I definitely have use cases: two NSF-funded R&S SPs where the NSF
>dollars are intended to be used for US research, exclusively. My need
>is real and immediate. Without a solution, extending our local
>implementation of R&S to the international research community is
>essentially blocked.

Not sure I can map that statement to a specific thing the metadata is
meant to solve. It certainly doesn't tell you the country of origin of an
account holder to know who registered an IdP.

I'm against using metadata and the identity of an IdP for authorization of
users, both before and after interfederation. It's the attributes that
should matter. What these policy controls would hit would be for filtering
of attributes, or if the IdP just didn't pass muster operationally or
something like that.

-- Scott

More information about the users mailing list