Shibboleth Developers

[Simon McLeish <>]

Hi Scott,

Scott Cantor wrote:

>>In terms of metadata publishing, what about having the equivalent of a
>>Z39.50 explain function (but usable, obviously), which would be a
>>request to an IdP or SP that would get back some human readable,
>>configurable data (such as "If you want to use these services, your IdP
>>must release at least the following attributes"
>>    
>>
>
>The problem with this (and it applies to putting it in central metadata as
>well) is that authorization policy isn't always public. Putting policy in
>metadata may require that we look at how to authorize access to it.
>
>  
>
Presumably it would be up to the SP/IdP to decide whether to disclose it
or not - the question "tell me about yourself" could be answered by
"shan't!". I mean this to be an on/off switch, not doing any complicated
authorisation decision making, so that by including or not including the
information in the configuration, the SP/IdP administrator makes the
decision whether or not it should be public.

>>and service
>>descriptions) and some machine readable data that would be at least the
>>basis of metadata (i.e. basically what you'd need to add a unique
>>identifier to to get metadata). This may be included in Tom's suggestion
>>(depending on what metadata consumption means, I guess).
>>    
>>
>
>Would we want to publish something that isn't quite metadata rather than
>just exposing the metadata directly?
>  
>
I was thinking that the metadata manager would need to put together a
unique ID - unless the IdP and SP are going to create their own
permanent ones? That was all I was expecting to need to be done to the
output of such a function.

Simon