common LDAP schemas to draw attribute definitions from

Boyd, Todd M. tmboyd1 at
Tue Jul 2 09:09:35 EDT 2019

Attributes that are named using resolvable URLs that present meaningful information about those attributes gets my vote! We already lean in this direction by assigning our entity ID as the URL to our IdP's metadata. I think it would also help with figuring out what the heck an attribute is for just by looking at it rather than needing to decipher a URN OID as Nate hinted at.

I believe Microsoft is using URL-based attributes for ADFS/SharePoint/etc., though it's using WS-Fed rather than SAML.


-----Original Message-----
From: users <users-bounces at> On Behalf Of Nate Klingenstein
Sent: Monday, July 01, 2019 5:54 PM
To: Shib Users <users at>
Subject: RE: common LDAP schemas to draw attribute definitions from

> For a similar reason, I'm also hesitant to use URLs, because I feel 
> like they should resolve to relevant information.  I realize we could start to address both by improving documentation.

I've been arguing for URL-named attributes that host both machine-parseable basic information about the attribute as well as a human-legible explanation of what the data are and failing miserably at it for almost a decade, so I obviously have deep sympathy for this one.  It appears that there just isn't a use case for this, or attributes are simply too complex to be handled by such a basic mechanism.  I don't know, as it makes such intuitive sense to me compared to URN's that are a challenge to resolve.

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list