Shibboleth Developers

["Scott Cantor" <>]

 > Regardless, what unscoped attributes permit a suffix like that? None I
> know of.

To head off the obvious, email address obviously does. But that's not an
attribute anybody should be writing policy-based filtering rules around or
using for authz, so nobody should be "interpreting" the suffix. It's an
atomic value.

That's the difference between scoped and unscoped. To Shib, unscoped means
an atomic value.

-- Scott