Config choices for tier/shibbidp_configbuilder_container

Cantor, Scott cantor.2 at
Wed Oct 2 09:11:09 EDT 2019

> Seems like an odd decision to only trigger attribute release consent only when a FERPA attribute
> is present for a user.

Consent is virtually unused in the US. About the only case it really becomes an interesting choice is to allow FERPA overrides in real time. I think that was a nod to that idea, but the problem is that whenever somebody presupposes anything a deployer might want to do, the result tends to be insufficient for everybody. It's not specific enough to be useful to the people who get the idea and is a hassle for all the people who don't.

That’s why the distribution has always been bare bones out of the box compared to the assumptions other projects make about defaults, and that annoys a whole different set of people who don't underrstand why their default notions aren't universal.

i.e. I agree, sort of, but there are no right answers other than "defaults can never be a substitute for explicit review and configuration of every aspect of the system".

But I think the changes to the shipped defaults ought to be very explicitly outlined or expressed as a diff somewhere.

> I haven't done an empirical test yet but it does seem like the tier/tap image is
> loading a lot faster than what I was experiencing with the Unicon shib image I
> was basing my deployment on previously. That is likely due to the change in the
> JVM used (Azul vs. Corretto).

That seems unlikely. I would have assumed it was MDQ but I guess that's not in there yet. Tomcat itself is drastically slow compared to Jetty, but I know they're using Tomcat too. If anybody identified JVM differences, that would be a huge discovery.

-- Scott

More information about the users mailing list