Shibboleth Developers

["Scott Cantor" <>]

> So let me see if I understand what you're saying.  You want to extend
> BaseNameIdentifierMapping with an abstract class that consolidates
> PrincipalNameIdentifier, X509SubjectNameNameIdentifierMapping,
> EmailAddressNameIdentifierMapping.  This abstract class would support
> a generalized template/pattern mechanism similar to what
> X509SubjectNameNameIdentifierMapping does now.  Then any
> implementation of a SAML name identifier (except perhaps transient and
> persistent) would be a simple extension of this abstract class.
> 
> Is this what you're suggesting?

I think so, yes. The specific Format on the wire was something to be imposed
on top of the NameIdentifierMapping plugin itself. A more exotic version
could even apply a different pattern to different Formats and then support
multiple Formats at once.

In much the same way, the attribute plugins today are structural. They don't
know *what* attribute you're trying to build, they just apply a set of rules
to build it. I think the NameID plugins should be similar.

Persistent and transient have actual semantics and mostly *lack* structure,
so in that sense they're different. Just like we have a custom plugin for
eduPersonTargetedID, and not just because of the XML syntax.

-- Scott

<<attachment: winmail.dat>>