Shibboleth Developers

[Brendan Bellina <>]

USC has completed development and testing of a patch for Shibboleth  
1.3 that allows ARP's to be constrained by user attributes.  The  
intent is to allow Identity Providers to constrain the unneeded or  
undesired release of attributes to service providers.  A white paper  
describing what we have named "Rule Constraints" and the patch code  
is available at the website <http://isd.usc.edu/~bbellina/gds/ 
software/shibboleth/>.  Will Norris, who authored the patch, will be  
attending the Shib WG session at the upcoming I2 Member Meeting and  
will be available to answer any questions.  We hope that this will  
prove to be a useful offering to the Shibboleth community and welcome  
any feedback.

Regards,

Brendan Bellina


On Apr 10, 2006, at 9:31 AM, 

 wrote:

> We are actively looking into enhancing the ARP Resolver to allow a  
> release constaint to be defined in the ARP.  We intend to use it  
> primarily with edupersonEntitlement but it should work for any  
> attribute.  We hope to have something to announce (or at the least  
> discuss specifically) by the I2 Member meeting.
>
> Regards,
>
> Brendan Bellina
> USC