Shibboleth Developers

[Scott Cantor <>]

> should there be a way  to specify (when the  Site  Admin creates an 
> ARP)  "who qualifies to use this ARP" separate from the specification 
> of "what  attributes get released?"....
> 
> for instance, I might want to say "if [ (Affiliation=faculty) & 
> (Department=Economics) ] then release entitlement=BLAH

What is the intent?

a) Award entitlement BLAH to people who meet condition xyz

b) For people who meet condition xyz, release entitlement BLAH if they
own it

I think (a) is definitely out, because you don't need to mix the issue
of how somebody gets an attribute value with release policy.

If you mean b, it seems like something you could implement on top of an
AA if you had a way to collect a set of users by some criteria and then
set an ARP for all of them at once.

Probably you want to keep default/admin ARPs pretty non-user specific.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--