Shibboleth Developers

[Noah Levitt <>]

On Thu, Jun 03, 2004 at 19:50:11 -0400, Scott Cantor wrote:
> > In the third example I have different documents ("Resource"s
> > I called them) with different access requirements. I think
> > it's good to put it down this far in the hierarchy so that
> > there doesn't have to be a separate contract each document
> > in the application.
> 
> You have Resource as a container for the attribute set that satisfies the
> policy, but the contract is the attribute set, so isn't that having the
> opposite effect? Or is the consumer expected to union all of the pieces
> together to figure out what the actual ARP needs to be?

I figured that the arp gui would count the number of
different values are needed for different resources and
decide if there are more than 5 or so to present only the
options "none" or "any value".

> 
> There's also the fact that I assumed we'd be using SAML metadata for
> expressing the attribute requester's requirements unless there was an
> obvious need to go a lot farther right away, and it won't contain this kind
> of policy.

So you're staying instead of this or xacml we should be
using saml? 

Noah