Shibboleth Developers

[Scott Cantor <>]

After some thought and some questions from Steven, I'll express agreement 
with Bob's central point, which seems to be (correct me if
I'm wrong), that:

a) we picked the XACML format because we thought we should

b) the XACML format is intended to document an unambigious way to construct 
attribute ID/names for X.500/LDAP stuff

c) it doesn't, so it's pointless

I think I can buy that. Ok, so does that mean we should change the proposed 
X.500 names? Yes.

Should we keep using URNs? I don't mind, but my main belief is that URLs are 
fine as long as you make them dereferencable. So if
we're prepared to host a document behind them, using URLs would be just fine. 
If we use URNs, we make it harder to find the
document, but we could in the future dereference to it with DDDS software.

Should we use fragment ID syntax? Only if, should we provide a document, it 
is a media type that supports fragment IDs and we
provide those IDs in the document (anchors in HTML). If we don't provide 
dereferencing, we can use fragments and they mean nothing
anyway.

If you can't tell, I'm trying to argue for keeping 
urn:mace:dir:eduperson#attribute as the syntax for the existing attributes. 
Then
we can ship.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--