
shibboleth-dev - RE: SAML name identifiers

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: SAML name identifiers
  • Date: Tue, 7 Mar 2006 11:50:02 -0500
  • Organization: The Ohio State University

> I can do that if the persistent identifier is expressed as an
> attribute, but I don't see how I can do it if it's expressed as a
> NameID, even with NameIDPolicy.

You can't do it with NameIDPolicy, because that indicates a specific
requirement. You could do it with metadata, though probably not
interoperably, by listing both types in order of preference. I don't think
you'd find many products actually using the metadata that way though; it's
underspecified in those kinds of areas.

But I also doubt if most products will support attribute metadata either, so
I don't think that helps.

> I'm not unhappy with that -- passing the optional thing as an attribute
> is what we do now -- I'm just trying to understand your earlier
> statement about not seeing much use for attribute ePTI.

We can clearly do it either way, and commercially speaking, you've got
built-in support for these identifiers and probably no support for the
attribute, so which one should we be focusing on?

Also, one is part of the standard, and the other is an attribute defined in
a community. I think the former trumps the latter.

There's really not much point in debating the usefulness of a feature that
isn't going to be removed, though.

-- Scott
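
The distinction drawn in the message above, between NameIDPolicy as a hard requirement and metadata as an ordered list of acceptable formats, sketched as an added example that is not part of the original message or of Shibboleth's code. The entity ID, the function and class names, and the reading of NameIDFormat document order as preference order (which the message notes is not interoperable) are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
INVALID_POLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"

# Constructed SP metadata listing both formats, most preferred first.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <md:NameIDFormat>{PERSISTENT}</md:NameIDFormat>
    <md:NameIDFormat>{TRANSIENT}</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

class NameIDPolicyError(Exception):
    status = INVALID_POLICY  # status code the IdP would return in its Response

def authn_request(fmt=None):
    # Constructed, minimal AuthnRequest; NameIDPolicy is included only if fmt is given.
    policy = f'<samlp:NameIDPolicy Format="{fmt}"/>' if fmt else ""
    return f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_a1" Version="2.0">{policy}</samlp:AuthnRequest>'

def choose_nameid_format(request_xml, sp_metadata_xml, idp_can_issue):
    # Inputs here are constructed; parse untrusted XML with a hardened parser (e.g. defusedxml).
    req = ET.fromstring(request_xml)
    policy = req.find(f"{{{SAMLP}}}NameIDPolicy")
    required = policy.get("Format") if policy is not None else None
    if required and required != UNSPECIFIED:
        # NameIDPolicy states a requirement, not a preference: satisfy it or fail.
        if required not in idp_can_issue:
            raise NameIDPolicyError(required)
        return required
    # No requirement in the request: walk the SP's metadata in document order
    # (assumed to be preference order) and take the first format the IdP can issue.
    md = ET.fromstring(sp_metadata_xml)
    for el in md.iter(f"{{{MD}}}NameIDFormat"):
        fmt = (el.text or "").strip()
        if fmt in idp_can_issue:
            return fmt
    return None  # nothing in common; the caller decides how to respond
```

With no NameIDPolicy the SP gets a persistent identifier when the IdP can issue one and a transient one otherwise, whereas a request that names a format the IdP cannot issue fails outright instead of falling back.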



