Shibboleth Developers

[Chad La Joie <>]

The new Shibboleth Attribute Resolver allows deployers to configure both 
the name and namespace for SAML 1 attributes, however this information 
is not *required* (and for various reasons really can't be).  As we are 
trying to do throughout Shib 2 we're attempting to establish reasonable 
defaults in this area.  Certainly it seems like treating values as 
strings is a reasonable default.  Using the attribute ID as the 
attribute name also seems pretty reasonable.

However, we'd like some guidance on what namespace to use.  The current 
one, urn:mace:shibboleth:1.0:attributeNamespace:uri, is defined, amongst 
other things, to indicate that the attribute name is a URI.  People are 
almost certainly not going to define attributes in their resolver and 
filter policies in URI notation because it's needlessly verbose.  So, 
what namespace should we use?  One option is to use the SAML 2 
"unspecified" URI (this in in fact what we do for SAML 2).  Another 
would be to make up one (e.g. 
rn:mace:shibboleth:1.0:attributeNamespace:unspecified).

What do people think?  Use the SAML 2 URI, make up one, some third option?
--
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124