Shibboleth Developers

[Lukas Haemmerle <>]

> I think everything you're asking for is already in those files.

Actually, that would be great :) I must admit that I haven't checked the
saml metadata 2.0 xsd very much before I wrote that mail but apparently
there are indeed more opportunities to include much more information
than I thought.

>>This e.g. means that:
>>- all supported attributes within the federation are listed
> You can publish a global AAP file with this information.

That's true.

>>- additional contact information for each SP/IdP is listed
> In the metadata.

That too.

>>- the required/desired attributes for each Service Provider is listed
> In the metadata.

Ok. It would also be nice if one could insert some description, why an
attribute is required (but of course one could use an XML comment for that).

>>- the intended audience of an Service Provider is listed
> 
> No such thing anymore, it is merely the providerId.

Well, I haven't explained that point detailed enough. What we actually
would like is that each Service Provider declares the Identity Providers
within the same federation whose users have/should have access to this
Service Provider.

So an SP XY would then declare something like:
- All users from IdPs of type 'university'
- But not users from university Z
- But also users from hospital W

This is what I meant with "intended audience".

Is there an extension or another way to include such information as well
in the metadata file?

Best Regards
Lukas

-- 
-------  SWITCH - The Swiss Education & Research Network  ------
Lukas Haemmerle          NetServices       http://www.switch.ch/
SWITCH,  Neumuehlequai 6, P.O. Box,  CH-8021 Zurich, Switzerland

 Tel: +41 44 268 15 64  Fax: +41 44 253 98 98