wish list: ability to define reusable blocks in SP configuration
Guillaume Rousse
guillaume.rousse at renater.fr
Tue Aug 7 04:04:18 EDT 2018
On 06/08/2018 at 18:47, Peter Schober wrote:
> * Guillaume Rousse <guillaume.rousse at renater.fr> [2018-08-06 16:42]:
>> BTW, this organisational issue aside, how do you distinguish between
>> different federations, with just attribute-based filtering? Some kind of
>> SP-set 'is-member-of' attribute?
>
> I wouldn't. What's the use-case here? You're loading metadata from a
> multitude of registrars (individually or maybe via an aggregator such
> as eduGAIN) but you only trust some of them, based on your detailed
> review of each registrar's Metadata Registration Practice Statement?
Scott suggested switching from SP-based metadata filtering to
application-based attribute filtering. If the SP starts to trust all
IdPs, whatever the proxied application, the original compartmentalization
still has to be achieved somehow.
Regards.
--
Guillaume Rousse
Pôle SSI
Tel: +33 1 53 94 20 45
www.renater.fr