meta attributes (was: IdPv3 - eduPersonTargetedID - How to define and release this attribute?)
Cantor, Scott
cantor.2 at osu.edu
Mon Apr 4 13:48:37 EDT 2016
> But it seems like the SP still needs to understand all of the possible attributes
> that could be received and their expected precedence, plus understand
> when an IdP is known to follow the rules e.g., for non-reassignable ePPNs.
> So in that sense it seems like the SP can't be abstracted out of the problem.
The assumption is the SP is already handling all that today. The point of the meta-attribute to just to support isRequired, really, so that's confined to metadata.
> >One sort of difference is if you move toward remotely supplying attribute release policy,
> >you could define the meta-attribute "look aside" behavior centrally, sort of.
>
> Not sure what you mean by a central "look aside" behavior here.
The look aside is the IdP release rule saying "for requested meta-attribute Foo, release attribute bar".
-- Scott
More information about the users
mailing list