shibboleth-dev - Re: Scope of self

Subject: Shibboleth Developers

List archive

Re: Scope of self

From: Tom Scavo <>
To:
Subject: Re: Scope of self
Date: Fri, 4 Nov 2005 15:58:07 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=t1oUw3iWKCmm8taAsCkOyQOVJYYCbLPmmPxYyex7q+hY0sJbzBYaOISmNa32p+7bY8svXWn4yn1ZJuwpsQEcmUTltPC1zk8C6hXfvOoy1AFfjgQbxPtAau6yx+b67IYSqm3nchHvDRhs8035oD992q5BQgzVE9+KyOEpccEoI1k=

On 11/4/05, Scott Cantor
<>
wrote:
> > How can a name mapping plugin know shibmd:Scope if the IdP does not
> > consume its own metadata?
>
> It doesn't know it. The only place scope is ever mentioned is inside the
> attribute resolver. Name Identifiers aren't "scoped" and there is no code
> that could filter them using the metadata anyway.
>
> Regardless, consuming your own metadata is never a requirement for anything.
> You can always configure the information directly...

Sorry, I should have told you what I'm trying to do. I'm implementing
a name mapping plugin for emailAddress identifiers. Rather than
require a Scope attribute in the <NameMapping> element, the thought is
to default to shibmd:Scope taken from IdP metadata.

Gee, how many scopes are there in the world? Is there a scope defined
somewhere in the IdP that a name mapping plugin can leverage?

Thanks,
Tom

Scope of self, Tom Scavo, 11/04/2005
- RE: Scope of self, Scott Cantor, 11/04/2005
  - Re: Scope of self, Tom Scavo, 11/04/2005
    - RE: Scope of self, Scott Cantor, 11/04/2005
      - Re: Scope of self, Tom Scavo, 11/04/2005
        
        RE: Scope of self, Scott Cantor, 11/04/2005
        
        Re: Scope of self, Tom Scavo, 11/05/2005
        
        Re: Scope of self, Scott Cantor, 11/05/2005

List archive

Re: Scope of self