meta attributes (was: IdPv3 - eduPersonTargetedID - How to define and release this attribute?)

Cantor, Scott cantor.2 at
Mon Apr 4 13:48:37 EDT 2016

> But it seems like the SP still needs to understand all of the possible attributes
> that could be received and their expected precedence, plus understand
> when an IdP is known to follow the rules e.g., for non-reassignable ePPNs.
> So in that sense it seems like the SP can't be abstracted out of the problem.

The assumption is the SP is already handling all that today. The point of the meta-attribute to just to support isRequired, really, so that's confined to metadata.

> >One sort of difference is if you move toward remotely supplying attribute release policy,
> >you could define the meta-attribute "look aside" behavior centrally, sort of.
> Not sure what you mean by a central "look aside" behavior here.

The look aside is the IdP release rule saying "for requested meta-attribute Foo, release attribute bar".

-- Scott

More information about the users mailing list