Evolving Attribute Release Policies for campuses
kwessel at illinois.edu
Wed Apr 6 10:30:04 EDT 2016
Correct, Scott: no connection. I entered IDP-970 into Jira yesterday as a suggestion to address this as a follow-up to my discussion on this list about that last week.
And Peter's correct: if required/optional could be made available to the consent page, it would make sense with per-attribute consent enabled to only make the optional attributes selectable; required couldn't' be unchecked.
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Tuesday, April 05, 2016 6:17 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Evolving Attribute Release Policies for campuses
On 4/5/16, 6:56 PM, "users on behalf of Scott Koranda" <users-bounces at shibboleth.net on behalf of skoranda at gmail.com> wrote:
>I do not see that IdPv3 consent, when configured in a
>way that examines the SP metadata for requested attributes
>and their required/optional flag, helps with attribute
>release and interoperability in the eduGAIN context.
Just a point of clarification...I may be misremembering something, but at present I don't think there is any connection between the metadata's list of attributes requested and the consent feature. The UIInfo extension is used, but I think that's it.
I'm aware there are people who want a connection made, just saying it's not there at the moment.
As I said on the MACE-Dir call yesterday, I believe that the basis of the R&S work was very much to avoid selective release of any attributes in the bundle, and I don't think it's a good idea to combine those concepts.
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users