Shibboleth Developers

[Walter Hoehn <>]

Great!  I think a little more is required, though.  Note that you  
need these dependencies even if the attribute requirements are  
specified by the SP.  In this case, listPossibleReleaseAttributes()  
isn't called, if I'm remembering correctly.

Can you open a bugzilla feature request on this so that it doesn't  
accidentally roll off of my plate?

-Walter


On Apr 25, 2006, at 3:19 PM, Will Norris wrote:

> I've posted an update to the code to include a problem Walter  
> helped identify after the Shib working group yesterday.
>
> I updated ArpEngine.listPossibleReleaseAttributes() to also include  
> those attributes necessary to compute constraints, even if they  
> aren't actually going to be released.  I also renamed the function  
> to better identify what it is doing.
>
>
>
> On Apr 19, 2006, at 6:57 PM, Brendan Bellina wrote:
>
> > USC has completed development and testing of a patch for  
> > Shibboleth 1.3 that allows ARP's to be constrained by user  
> > attributes.  The intent is to allow Identity Providers to  
> > constrain the unneeded or undesired release of attributes to  
> > service providers.  A white paper describing what we have named  
> > "Rule Constraints" and the patch code is available at the website  
> > <http://isd.usc.edu/~bbellina/gds/software/shibboleth/>.  Will  
> > Norris, who authored the patch, will be attending the Shib WG  
> > session at the upcoming I2 Member Meeting and will be available to  
> > answer any questions.  We hope that this will prove to be a useful  
> > offering to the Shibboleth community and welcome any feedback.