shibboleth-dev - Re: Scope of self

Subject: Shibboleth Developers

List archive

Re: Scope of self

From: Tom Scavo <>
To:
Subject: Re: Scope of self
Date: Fri, 4 Nov 2005 16:45:24 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=IaTDb9B7EYeQMHC4Ph4uq1DFM07Jm4QANjp7RiK8GmbndPrGSXfIwNgfQvdp7yO4+yCUEECm9V+AZxN86EuIE+PSW94f7hhu8vWxk3nU84StUSQ5TVPmo7MYF919OIdtjVbkPeKRqgSjZRre40X5CbqtCf2m0Q7PLjYDVq0T5nE=

On 11/4/05, Scott Cantor
<>
wrote:
> > Sorry, I should have told you what I'm trying to do. I'm implementing
> > a name mapping plugin for emailAddress identifiers. Rather than
> > require a Scope attribute in the <NameMapping> element, the thought is
> > to default to shibmd:Scope taken from IdP metadata.
>
> Meaning to figure out how to generate the email address domain? Well, again,
> I don't see a huge difference between these options.
>
> I think people have this all backwards. The goal shouldn't be to use the
> metadata to configure yourself, it should be to *generate* the metadata from
> the configuration.

You're right of course, so let me ask a different question. If we had
an automatic metadata generator, where would it get its scope value?

A beta version of a metadata generator is floating around somewhere,
and if I recall, it computes its scope value as the tail of KeyName.
So in that case, the metadata IS the authoritative source, right?

Tom

Scope of self, Tom Scavo, 11/04/2005
- RE: Scope of self, Scott Cantor, 11/04/2005
  - Re: Scope of self, Tom Scavo, 11/04/2005
    - RE: Scope of self, Scott Cantor, 11/04/2005
      - Re: Scope of self, Tom Scavo, 11/04/2005
        
        RE: Scope of self, Scott Cantor, 11/04/2005
        
        Re: Scope of self, Tom Scavo, 11/05/2005
        
        Re: Scope of self, Scott Cantor, 11/05/2005

List archive

Re: Scope of self