Configuring Attribute Release Consent with SP blacklist

Cantor, Scott cantor.2 at osu.edu
Tue Apr 12 10:00:36 EDT 2016


> I haven't looked into this at all but I sure hope there's a more
> scalable way than enumerating individual SPs by name in
> relying-party.xml? With lots of local SPs already covered by ToUs
> (or contracts) that seems like a bit of a maintenance nightmare?

You can plug in an arbitrary predicate (including a script) but ultimately you can only drive it using the data you have. You can do it by EntityAttribute, or by anything else in the metadata, but if you don't have anything to base it on, I'm not sure what you can do besides list them.

In general, I would not advise listing by RP if you have to do that in many places. It's best to attach an EntityAttribute using a metadata filter, and then base the policy on the tag.

-- Scott
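
An added illustration of the tag-based approach described in the reply above, not part of Scott's message or of the configuration Shibboleth ships: assuming IdP v3-style `metadata-providers.xml` and `relying-party.xml`, a metadata filter attaches a tag to the chosen SPs and a relying-party override keyed on that tag leaves out the consent flow. The tag name and value and the entityIDs are hypothetical.

```xml
<!-- metadata-providers.xml: inside the MetadataProvider that loads the local SPs.
     Assumes the saml: prefix is bound to urn:oasis:names:tc:SAML:2.0:assertion. -->
<MetadataFilter xsi:type="EntityAttributes">
    <!-- Hypothetical tag marking SPs already covered by a ToU or contract -->
    <saml:Attribute Name="https://idp.example.edu/tags"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>consent-exempt</saml:AttributeValue>
    </saml:Attribute>
    <!-- Constructed entityIDs; this list is the only place SPs are named -->
    <Entity>https://sp1.example.edu/shibboleth</Entity>
    <Entity>https://sp2.example.edu/shibboleth</Entity>
</MetadataFilter>

<!-- relying-party.xml: one entry in the shibboleth.RelyingPartyOverrides list.
     The default configuration is assumed to keep
     p:postAuthenticationFlows="attribute-release" on SAML2.SSO. -->
<bean parent="RelyingPartyByTag">
    <constructor-arg name="candidates">
        <list>
            <!-- Matches any SP whose metadata carries the tag added above -->
            <bean parent="TagCandidate" c:name="https://idp.example.edu/tags"
                  p:values="consent-exempt" />
        </list>
    </constructor-arg>
    <property name="profileConfigurations">
        <list>
            <!-- No postAuthenticationFlows here, so consent is not run for tagged SPs -->
            <bean parent="SAML2.SSO" />
        </list>
    </property>
</bean>
```

The override matches whatever entity attributes are present in the metadata, so use a tag name under your own control that externally supplied metadata is unlikely to carry.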


