shibboleth-dev - RE: AA Attribute Classes
Subject: Shibboleth Developers
List archive
- From: Scott Cantor <>
- To: 'Parviz Dousti' <>,
- Subject: RE: AA Attribute Classes
- Date: Fri, 24 May 2002 18:01:54 -0400
- Importance: Normal
- Organization: The Ohio State University
> Every attribute (e.g. eduPersonAffiliation) would have a Java
> class with the same name. These classes extend ScopedAttribute class
> which in turn extends SAMLAttribute class.
One nit...not everything necessarily needs to be scoped (eg. email
address, SSN) so they would work ok just hanging off of SAMLAttribute.
> These classes provide the opportunity for
> converting name of the attribute to the standard (e.g. at CMU
> we have to convert cmuAndrewId to EPPN) and the values (e.g. Staff to
> staff) as well as anything else a site might want to do to attributes
> before turning them over to shar.
Exactly.
> Attribute classes should be bundled in a jar file (e.g.
> attributes.jar) and be in the classpath for the tomcat.
> Name of this jar file also needs to be given in the config file
> so AA can prepare a list of all known attributes.
Does the reflection API provide any potential way for the AA to walk the
class list by looking for descendants of SAMLAttribute? I haven't tried
anything like that.
It might be worthwhile to mirror some of the C++ I'm working on, and
create a registration hook for the Attribute derived classes or perhaps
the AA itself to call during initialization that links the attribute
name to the Java class.
That's how I handle SAML extensions in Java also, and how the SHAR will
locate attribute implementations based on the incoming attribute names
(except it's a function pointer in C++ and not a class name of course).
We can hit that stuff later, its just fluff.
> Name of these classes also correspond to attribute names in ARPs.
Ok, maybe it's a little more than fluff. It's fairly important that
those be unambiguous internally. The intent was to use URIs for naming
to insure that everything was clean. I think all you'd need is a way to
lookup the class you want from a URI in the ARP. I can add that
machinery to SAMLAttribute (for an example, look at SAMLStatement,
SAMLQuery, and SAMLCondition and their derived types).
-- Scott
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- next week's design call........., Steven_Carmody, 05/23/2002
- A working AA !, Parviz Dousti, 05/23/2002
- RE: A working AA !, Scott Cantor, 05/23/2002
- AA Attribute Classes, Parviz Dousti, 05/24/2002
- RE: AA Attribute Classes, Scott Cantor, 05/24/2002
- AA Attribute Classes, Parviz Dousti, 05/24/2002
- RE: A working AA !, Scott Cantor, 05/23/2002
- A working AA !, Parviz Dousti, 05/23/2002
Archive powered by MHonArc 2.6.16.