
shibboleth-dev - Re: attribute queries

Subject: Shibboleth Developers

  • From: Tom Scavo
  • To: Scott Cantor
  • Cc: Shibboleth Development
  • Subject: Re: attribute queries
  • Date: Fri, 25 Mar 2005 17:44:19 -0500

On Fri, 25 Mar 2005 17:31:59 -0500, Scott Cantor wrote:
> > So if I understand you correctly, metadata is not used to determine
> > required attributes but may be used in the future (1.3?) depending on
> > the outcome of the proposed metadata extension. Correct?
>
> I wouldn't say it depends on that, but we reserve the option to start
> looking at metadata in some fashion at some point, but probably more for
> attribute push.

That's the use case I have in mind. Consider LionShare, for example
(although GridShib will most likely propose something similar).

> > Okay, so that implies that SP queries and client queries (ala
> > LionShare and GridShib) are all processed in the same way (ignoring
> > ARP processing for the moment), that is, either the requested
> > attributes are returned or all attributes are returned. Is that
> > right?
>
> Well, I would say that we're somewhat constrained by the definition of an
> empty query, which (in both 1.1 and 2.0) cannot really be interpreted in the
> context of metadata. The definition is really "send me anything I'm allowed
> to have". So the ARP is really the starting point, that defines what "all"
> means.

Well, that's the problem, I think. In the attribute push case, the
user is requesting attributes about itself. So what happens when no
specific attributes are requested?

> Queries, particularly in a stand-alone use case, should absolutely send what
> they want to get back. Better to be clear.

That's what I thought you'd say. Some of us (GridShib) would rather
not formulate specific attribute queries. We are looking for
alternatives. (I wonder what LionShare is doing?)

Tom
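
The empty-query semantics discussed in this message ("send me anything I'm allowed to have", with the ARP defining what "all" means), as an added example that is not part of the original message and is not Shibboleth code. The attribute values, the requester name, the `ARP` dictionary (a simplified stand-in for a real attribute release policy) and the helper names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
P = "urn:mace:dir:attribute-def:"

# Constructed sample data, not from the thread.
USER_ATTRS = {
    P + "eduPersonScopedAffiliation": ["member@example.edu"],
    P + "eduPersonEntitlement": ["urn:example:entitlement:grid"],
    P + "mail": ["user@example.edu"],
}
# Simplified stand-in for an ARP: requester -> releasable attribute names.
ARP = {
    "https://sp.example.org/shibboleth": {
        P + "eduPersonScopedAffiliation",
        P + "eduPersonEntitlement",
    },
}

def build_query(names):
    """Build a SAML 1.1 AttributeQuery; an empty list gives the empty query."""
    q = ET.Element(f"{{{SAMLP}}}AttributeQuery")
    subj = ET.SubElement(q, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameIdentifier").text = "constructed-handle"
    for n in names:
        ET.SubElement(q, f"{{{SAML}}}AttributeDesignator", {
            "AttributeName": n,
            "AttributeNamespace": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
        })
    return ET.tostring(q, encoding="unicode")

def requested_names(query_xml):
    # Constructed input only; untrusted XML needs a hardened parser.
    root = ET.fromstring(query_xml)
    return {d.get("AttributeName")
            for d in root.iter(f"{{{SAML}}}AttributeDesignator")}

def resolve(query_xml, requester):
    """Release policy is the ceiling; designators can only narrow it."""
    allowed = ARP.get(requester, set())      # unknown requester: nothing
    wanted = requested_names(query_xml)
    names = allowed & wanted if wanted else allowed  # empty query = all allowed
    return {n: USER_ATTRS[n] for n in sorted(names) if n in USER_ATTRS}

if __name__ == "__main__":
    sp = "https://sp.example.org/shibboleth"
    print(resolve(build_query([]), sp))
    print(resolve(build_query([P + "mail", P + "eduPersonEntitlement"]), sp))
```

In both cases the release policy bounds the response: a requested attribute outside the policy (here `mail`) is never returned, and an empty query returns exactly the policy's set.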


