
shibboleth-dev - Re: [Shib-Dev] Managing AttributeFilterPolicy in IdP 2.1

Subject: Shibboleth Developers

  • From: Thomas Lenggenhager <>
  • To:
  • Subject: Re: [Shib-Dev] Managing AttributeFilterPolicy in IdP 2.1
  • Date: Wed, 28 Jan 2009 16:07:45 +0100
  • Organization: SWITCH

Mahabalagiri, Datta wrote:
> How are people managing AttributeFilterPolicy in IdP 2.x? At UCLA we
> will have to manage the policy for potentially hundreds of SPs. Our
> policy dictates that we release attributes only upon approval from data
> stewards. This creates different sets of policies for different SPs.
> Manual editing is the last option for us. I am looking for an
> administrator tool to centrally manage the release policy for SPs. I am
> curious how IdP admins have dealt with this.

In SWITCHaai, we use the Resource Registry to manage the attribute
requirements of the SPs and default and specific attribute release
policies of the IdPs.

Out of that information centrally collected, the Resource Registry
provides tailored attribute-filter files for the IdPs.

You can get a glimpse at it in its documentation:
https://www.switch.ch/aai/docs/AAI-RR-Guide.pdf

The Resource Registry was programmed in PHP5 and requires the PEAR
QuickForm libraries as well as a MySQL database. For X.509 related
functions openssl also has to be installed.
It is under a BSD-like license and available on request. But be warned,
it was developed for the SWITCHaai federation so it is by no means a
plug-and-play tool for your federation. It needs quite a bit of tailoring.

Lukas Hämmerle, the developer of the Resource Registry, also prepared a
screencast on how to register an SP in the Resource Registry:
http://www.switch.ch/aai/downloads/ResourceRegistrationScreenCast-Medium.mov


Regards,
Thomas

--
SWITCH
Serving Swiss Universities
--------------------------
Thomas Lenggenhager
P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505 direct +41 44 268 1541
http://www.switch.ch
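
An added example, not part of the original message and not Resource Registry code: a minimal Python sketch of the approach described above, generating an IdP 2.x attribute-filter file from centrally held per-SP approvals. The entityIDs, attribute IDs and policy ids are constructed sample values, and the `KNOWN` set is an assumption standing in for the attribute IDs defined in the IdP's resolver.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"
BASIC = "urn:mace:shibboleth:2.0:afp:mf:basic"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample data standing in for a registry export:
# SP entityID -> attribute IDs approved for release by the data stewards.
APPROVED = {
    "https://sp2.example.org/shibboleth": ["eduPersonScopedAffiliation"],
    "https://sp1.example.org/shibboleth": ["mail", "eduPersonPrincipalName", "mail"],
    "https://sp3.example.org/shibboleth": [],  # registered, nothing approved yet
}
# Assumption: the attribute IDs defined in this IdP's attribute resolver.
KNOWN = {"eduPersonPrincipalName", "eduPersonScopedAffiliation", "mail"}


def build_filter(approved, known):
    """Return attribute-filter XML that releases only approved attributes."""
    ET.register_namespace("afp", AFP)
    ET.register_namespace("xsi", XSI)
    group = ET.Element(f"{{{AFP}}}AttributeFilterPolicyGroup",
                       {"id": "GeneratedReleasePolicy"})
    # xsi:type values are QNames inside attribute text, so ElementTree will
    # not declare the "basic" prefix on its own; declare it explicitly.
    group.set("xmlns:basic", BASIC)
    # Sorted output keeps the generated file stable, so diffs show real changes.
    for n, entity_id in enumerate(sorted(approved), start=1):
        attrs = sorted(set(approved[entity_id]))
        unknown = set(attrs) - known
        if unknown:
            # Fail closed on typos instead of writing a rule that never matches.
            raise ValueError(f"{entity_id}: unknown attribute IDs {sorted(unknown)}")
        if not attrs:
            continue  # no policy for this SP means nothing is released to it
        policy = ET.SubElement(group, f"{{{AFP}}}AttributeFilterPolicy",
                               {"id": f"sp-{n}"})
        ET.SubElement(policy, f"{{{AFP}}}PolicyRequirementRule",
                      {f"{{{XSI}}}type": "basic:AttributeRequesterString",
                       "value": entity_id})
        for attr in attrs:
            rule = ET.SubElement(policy, f"{{{AFP}}}AttributeRule",
                                 {"attributeID": attr})
            ET.SubElement(rule, f"{{{AFP}}}PermitValueRule",
                          {f"{{{XSI}}}type": "basic:ANY"})
    return ET.tostring(group, encoding="unicode")


if __name__ == "__main__":
    print(build_filter(APPROVED, KNOWN))
```
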


