wish list: ability to define reusable blocs in SP configuration

Peter Schober peter.schober at univie.ac.at
Mon Aug 6 12:47:56 EDT 2018


* Guillaume Rousse <guillaume.rousse at renater.fr> [2018-08-06 16:42]:
> BTW, this organisational issue aside, how do you distinguish between
> different federations, with just attribute-based filtering ? Some kind of
> SP-set 'is-member-of' attribute ?

I wouldn't. What's the use-case here? You're loading metadata from a
multitude of registrars (individually or maybe via an aggregator such
as eduGAIN) but you only trust some of them, based on your detailed
review of each registrar's Metadata Registration Practice Statement?

If so you'll probably want to run a metadata aggregation software that
allows you to filter out any entities not registered by the registars
you decided to trust, based on
mdrpi:RegistrationInfo/@registrationAuthority.
E.g. pyff or the Shib MDA can both do that.
Then point your SP to the metadata filtered and curated by the
metadata aggregator software.

-peter


More information about the users mailing list