Shibboleth Developers

["Scott Cantor" <>]

> I'm going to have to let someone else answer this, but my
> understanding is that a grid client is extremely thin and so we can't
> assume the metadata is cached on the client side.

I guess I thought they were generally desktop/laptop systems. Not phones, in
other words. ;-)

> I thought the AA keyed off Resource to distinguish queries.  Correct
> me if I'm wrong, but Resource is usually the SP providerId.  In the
> case where a user is asking for its own attributes, I thought Resource
> was a static value indicating the client type (e.g., LionShare).

We define Resource to be "requester". Issuer for all intents and purposes.
Since that only accomodates system entity names and not generally people at
the moment (maybe XRIs will change all that), the LionShare plan was to
avoid overloading it and use a fixed value or just omit it and use an HTTP
header, I don't really remember what was decided.

Ironically, though, using it as "the context in which the attributes are to
be used" is more like the original intent of the attribute, and is a pretty
close fit to what you're describing.

> I suppose it could be semi-static, that is, a static prefix to
> indicate GridShib followed by the grid service providerId.  Is this
> what you had in mind?

I wasn't really thinking anything, just musing. Since it's gone in 2.0, I
really wouldn't advise using it anyway.

It's funny how poor decisions cascade. Had they agreed to add Issuer in 1.1
when I asked for it, we would still have had Resource, and we wouldn't have
been so anxious to dump it in 2.0 when we added Issuer.

-- Scott