uApproveJP (Re: "Password leak at Elsevier")
Takeshi NISHIMURA
takeshi at nii.ac.jp
Fri Apr 12 07:37:49 EDT 2019
Hi Peter. Thanks for your comment.
"U" character is an icon for the purpose of requesting the attribute (ex, This attribute is used as the initial value of the mail address field of the registration form.)
Such text is held in <uajpmd:Description> as an extension in SP metadata.
You cannot disable it.
Your advice for improvement is much appreciated. Thanks again!
Takeshi
On 2019/04/11 20:41, Peter Schober wrote:
> * Takeshi NISHIMURA <takeshi at nii.ac.jp> [2019-04-11 13:22]:
>> Our uApproveJP supports optional release according to
>> isRequired="false" in <RequestedAttribute> in SP's metadata.
>
> Thanks, Takeshi, this is a step forward in potentially making
> per-attribute consent workable. I'm looking forward to seeing this
> functionality being contributed to and included in future Shibboleth
> IDP releases.
>
> (This will still suffer from the usual isRequired issues, i.e., the
> inability of RequestedAttribute elements to express extremely common
> patterns such as "At least 1 out of these 3 attributes is required",
> but that's nothing UApproveJP can fix, of course.)
>
> What's the purpose and meaning of those boxes with a "U" character in
> them, though, that's being displayed for all not-marked-as-required
> attributes? Can this be disabled easily?
> https://meatwiki.nii.ac.jp/confluence/download/attachments/17006712/2_attr-selection_en.png
>
> How about sorting isRequired=true attributes before optional ones in
> the interface? Would that make it more clear, at the cost of not
> sorting all attributes alphabetically?
>
> Also note that for the SAML subject-id identifiers there's a
> different signalling based on Entity Attributes, not
> RequestedAttribute, that should probably also be taken into account.
>
> (Other non-related idea, while I'm at it: How about not showing
> attribute values by default, only the names, and adding a link "Show
> values" to see the details? That would keep the initial interface
> state cleaner. Some deployers may even prefer a config option to not
> show the values at all, in which case the link "Show values" would
> simply be hidden.)
>
> Best regards,
> -peter
More information about the users
mailing list