shibboleth-dev - RE: ARP selection algorithm
Subject: Shibboleth Developers
List archive
- From: Scott Cantor <>
- To: 'Parviz Dousti' <>,
- Subject: RE: ARP selection algorithm
- Date: Fri, 19 Apr 2002 14:02:22 -0400
- Importance: Normal
- Organization: The Ohio State University
> Good example! Here is how I have always been thinking about this:
>
> 1- Unlike Resources, election of a SHAR is not based on
> "best fit". It is either exact match or default.
>
> 2- For the SHAR "chem101.osu.edu" there has to be a
> Default Resource which would be used if no match found on other URLs
> for this SHAR (case of your example). The creation of that default
can
> be forced by UI.
That is one possible approach to the issue. It would allow the algorithm
to step down the tree, but that isn't currently specified in the
architecture. I'm not sure I see the advantage though. It's trivial to
store an ARP as a simple tuple in a table (SHAR expression, URL
expression, etc.).
To find the right ones, all you have to do is start by matching the
SHAR. But instead of finding the best fit right then, you keep going and
evaluate the URL column for a match, and then you go back and decide
which one is the best fit on the SHAR.
I think it took me less time to think about how to implement that
(admittedly not in code) then it would to rewrite the architecture to
explain why you can't create a SHAR/specific ARP without first creating
a SHAR/* ARP. But I'm willing to do it if people really think that's
better.
> 3- To set up Defaults to handle your example one could
> have set up the default SHAR with at least 2 resources:
> URL: *.edu -> Attr: Affiliation (All values)
> URL: * -> Attr: Affiliation (MEMBER only)
The defaults I had would work as is, it's just that you have to, per
your suggestion, insist on always being able to find a matching URL
(namely a default * match) in any set of ARPs for a SHAR.
We never called that out, so the current spec requires matching both
initially and then pruning the set afterward.
-- Scott
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- ARP selection algorithm, Scott Cantor, 04/19/2002
- Re: ARP selection algorithm, Parviz Dousti, 04/19/2002
- RE: ARP selection algorithm, Scott Cantor, 04/19/2002
- Re: ARP selection algorithm, Parviz Dousti, 04/19/2002
Archive powered by MHonArc 2.6.16.