Experiences / Standars with academic info in SAML

Nate Klingenstein ndk at signet.id
Mon Nov 12 12:16:13 EST 2018


> weve been using Shibboleth for over a year without major problems and our number of SPs is growing fast and faster.

That's fantastic.  Congratulations.

> One of the questions that Im frequently asked is if there can be academic information in our SAML response, in order to take authorization decisions on resources and applications.

Sure, you can send virtually any information that both the sender and the recipient understand.  It's more the definition of the attributes that is the challenge, and there's such diversity in higher education in needs in this particular area that the proposed standards never really took off.


> I mean, I was thinking on sending in the entitlements the degree enrolled, or even the classrooms.

You can appropriate the entitlements attribute for basically any information, but I don't think that makes it the best way, unless you literally are passing around specific rights rather than general information about selected majors or classrooms.  You have specific types of data and corresponding values that you want to express.  I would think dedicated, defined attributes are a better idea.  But it really depends on what kind of information you need to convey.

> So my questions are: Do you think is a good idea to have that kind of information in the SAML?

Sure, if your use cases require it and your IdP's and SP's can come to agreement on attribute naming, controlled vocabulary, and requirements you're trying to address.  You might find this old Wiki article a useful example.


Your English is just fine, and have a great evening,

More information about the users mailing list