Uncertainty about scopes in metadata and its relation to scoped attributes.

Mathis, Bradley bmathis at pima.edu
Wed Jul 3 15:12:37 EDT 2019


Thanks for the information Scott!

Brad Mathis
IT Principal Systems Analyst
Infrastructure Services - Applications
Pima Community College
520.206.4826
bmathis at pima.edu

On Wed, Jul 3, 2019 at 11:34 AM Cantor, Scott <cantor.2 at osu.edu> wrote:

> Scope filtering prevents cross-IdP impersonation of users and using
> metadata to drive it offloads all of the work required to manage it, making
> it a huge value proposition of the third party federation model. An SP is
> free to modify or supplement its filtering rules any time it wants but were
> I them I'd tell you to fix your metadata, which is what they did. Otherwise
> you're asking every SP to account for it over and over again.
>
> Having said that, those are probably bad EPPNs. Having a domain in there
> that's clearly about email and nothing at all relevant to what EPPN is for
> is a good sign it's a bad decision. The purpose of multiple scopes in
> metadata was for dealing with cases like multi-campus systems, and for
> proxies.
>
> -- Scott
>
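
Added example, not part of the original thread and not Shibboleth's own code: a minimal sketch of the metadata-driven scope check discussed above, where a scoped value such as an EPPN is accepted only if its scope appears as a `shibmd:Scope` in the issuing IdP's metadata. The entity IDs, domains and function names are constructed for illustration, and `regexp="true"` scopes are ignored for simplicity.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SHIBMD = "urn:mace:shibboleth:metadata:1.0"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed federation metadata for two hypothetical IdPs.
# The first registers two scopes, as a multi-campus system would.
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:shibmd="{SHIBMD}">
  <md:EntityDescriptor entityID="https://idp.campus-a.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
      <md:Extensions>
        <shibmd:Scope regexp="false">campus-a.example</shibmd:Scope>
        <shibmd:Scope regexp="false">north.campus-a.example</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.campus-b.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
      <md:Extensions>
        <shibmd:Scope regexp="false">campus-b.example</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def load_scopes(xml_text):
    """Map each entityID to the set of literal scopes its metadata registers."""
    scopes = {}
    for entity in ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor"):
        registered = set()
        for scope in entity.iter(f"{{{SHIBMD}}}Scope"):
            # Only literal scopes are handled in this sketch.
            if scope.get("regexp", "false") == "false" and scope.text:
                registered.add(scope.text.strip())
        scopes[entity.get("entityID")] = registered
    return scopes


def accept_scoped_value(scopes, issuer, value):
    """Accept user@scope only if the issuing IdP's metadata lists that scope."""
    local, sep, scope = value.rpartition("@")
    # Unknown issuers have no registered scopes, so everything is rejected.
    return bool(sep and local and scope in scopes.get(issuer, set()))
```

A value scoped to a domain the issuer has not registered, such as a mail-only domain, is dropped by this check until the IdP's metadata lists it.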