shibboleth-dev - RE: [Shib-Dev] attribute-encoder.xml?
Subject: Shibboleth Developers
List archive
- From: Etan Weintraub <>
- To: "" <>
- Subject: RE: [Shib-Dev] attribute-encoder.xml?
- Date: Tue, 2 Feb 2010 16:36:13 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
Would it be possible to support it both ways? That way admins wouldn't
necessarily have to change their files, and could opt to do this later to
clean up their files.
-Etan E. Weintraub
Team Leader - Enterprise Authentication
Senior Systems Engineer - Enterprise Directory
IT@Johns
Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Suite 3110B
Baltimore, MD 21209
Phone: 410-735-7945
E-mail:
-----Original Message-----
From: Nate Klingenstein
[mailto:]
Sent: Tuesday, February 02, 2010 4:32 PM
To:
Subject: [Shib-Dev] attribute-encoder.xml?
Shibbolizers,
An idea struck me while trolling through another attribute-
resolver.xml file and talking to Chad. Would it be better if
attribute encoders were maintained in a separate file, like attribute
filters?
There's a lot of visual clutter that is added by the inclusion of the
attribute encoders in the middle of attribute definitions. They're
very rarely changed by deployers (though new ones are added), while
other parts of the resolver file, such as data connector dependencies,
would be changed more often. Furthermore, they're a distinct part of
the attribute system, though, and are only used later in the process,
outside of the resolver itself.
I'd really like to see the encoders placed into a separate attribute-
encoder.xml file. An attribute definition would then look like(though
the syntax might be further collapsible):
<resolver:AttributeDefinition id="uid" xsi:type="Simple"
xmlns="urn:mace:shibboleth:2.0:resolver:ad
"
sourceAttributeID="uid">
<resolver:Dependency ref="myLDAP" />
</resolver:AttributeDefinition>
and the corresponding part of attribute-encoder.xml would look like:
<AttributeEncoder attributeID="uid">
<resolver:AttributeEncoder xsi:type="SAML1String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder
"
name="urn:mace:dir:attribute-def:uid" />
<resolver:AttributeEncoder xsi:type="SAML2String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder
"
name="urn:oid:0.9.2342.19200300.100.1.1"
friendlyName="uid" />
</AttributeEncoder>
I'd also like the attribute-encoder.xml defaults to be uncommented in
the distribution. Since the corresponding attributes are already
commented out, I can't see any harm from doing so, but it would make
the IdP more approachable to deployers.
Anyone in favor or against?
Nate.
Attachment:
PGP.sig
Description: PGP signature
- attribute-encoder.xml?, Nate Klingenstein, 02/02/2010
- RE: [Shib-Dev] attribute-encoder.xml?, Etan Weintraub, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Chad La Joie, 02/02/2010
- RE: [Shib-Dev] attribute-encoder.xml?, Etan Weintraub, 02/02/2010
- RE: [Shib-Dev] attribute-encoder.xml?, Scott Cantor, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Leif Johansson, 02/03/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Chad La Joie, 02/03/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Leif Johansson, 02/03/2010
- RE: [Shib-Dev] attribute-encoder.xml?, Scott Cantor, 02/02/2010
- RE: [Shib-Dev] attribute-encoder.xml?, Etan Weintraub, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Chad La Joie, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml, Kevin P. Foote, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Paul Hethmon, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Jim Fox, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Chad La Joie, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Jim Fox, 02/02/2010
- Re: [Shib-Dev] attribute-encoder.xml?, Chad La Joie, 02/02/2010
- RE: [Shib-Dev] attribute-encoder.xml?, Etan Weintraub, 02/02/2010
Archive powered by MHonArc 2.6.16.