meta attributes (was: IdPv3 - eduPersonTargetedID - How to define and release this attribute?)

Eric Goodman Eric.Goodman at ucop.edu
Mon Apr 4 13:30:56 EDT 2016


>> How is this different than defining a new attribute "epSUID" and 
>> defining the contents in exactly the same manner? 

>The basic difference is SPs. New attributes mean you touch them, these kinds of abstractions mean you don't.

But it seems like the SP still needs to understand all of the possible attributes that could be received and their expected precedence, plus understand when an IdP is known to follow the rules, e.g., for non-reassignable ePPNs. So in that sense it seems like the SP can't be abstracted out of the problem.

>One sort of difference is if you move toward remotely supplying attribute release policy, 
>you could define the meta-attribute "look aside" behavior centrally, sort of.

Not sure what you mean by a central "look aside" behavior here.

--- Eric

