Shibboleth Developers

[Digant C Kasundra <>]

Hello folks,

In my perhaps foolish attempt to be useful, I'm going to try
implementing the LDAPArpRepository.  I think one of the things that must
be discussed (here or elsewhere) is what ARP entries in the directory
should look like, and perhaps drafting a schema as well.

My immediate concern is how best to represent ARP information in the
directory.  To form the heirarchy of ARP, I can see perhaps a base entry
for the identity-provider-wide default ARP.  From here, I would imagine
there would be subentries per user.  And under these, there could be
subentries per service-provider (for user ARP's per service-provider
functionality, which I think could potentially destroy your directory
due to sheer volume).

The other topic of discussion should be how best to represent the
attribute-permit pairs (urn:mace:...:eppn:deny perhaps?)

-- DK