Shibboleth Developers

[Derek Atkins <>]

The problem is that different documents define different ways to
process a particular attribute.  IIRC there are at least two ways to
handle an X.509 DN..  Which one do Shib users use?  And how do we
agree to use DN from document A but something else from document B?

I agree we should refer off to other documents whenever we can, but I 
don't see any reason to groups the uris by document.

-derek

Walter Hoehn 
<>
 writes:

> Since this is my last chance, I'm going throw up my hand here and
> admit that I don't really get this.  Are we planning to enumerate the
> semantics of all attributes in our registry?  I wouldn't think so.  If
> we aren't, then we have to rely on external documents to do so.  This
> being the case, what is so nasty about a naming scheme that groups
> things based on these same documents.  It seems to me that flattening
> the namespace makes things harder for us to manage (since we have to
> refer to external documentation for EVERY attribute, instead of groups
> of them) and less clear to users (something like "uid" could mean any
> number of things more or less specific than what is outlined in RFCs
> 1274/2798, do I really want to have to look at the registry to tell
> which sort of "uid" we are talking about here?).
> 
> -Walter
> 
> P.S. I know we are trying to cut a release, so I'll shut up now if asked.
> 
> 
> RL 'Bob' Morgan wrote:
> 
> >Thinking about all this makes me think, contrary to where I started out,
> >that basing any of this naming on documents is just a bad idea.
> >Documents are revised.  They only include some stuff of interest, not
> >other stuff.  Some stuff you want isn't in any particular document (yet).
> >In this case, if eduPerson doesn't cover some stuff but eduOrg does, do we
> >have to put some defs under urn:mace:dir:eduorg#foo?  This is the sort of
> >hand-wringing it would great to avoid.  We're going to have to live with
> >this stuff for a long time, which is why I'm pressing for a scheme that
> >requires the least justification and the least process-churn going
> >forward.  Which is why I (now) recommend just having a bucket where these
> >named definitions go, without adding other dependencies to it.
> >
> 
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       

                        PGP key available

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--