shibboleth-dev - Re: [Shib-Dev] [IdPv3] Attribute Filter Work

Subject: Shibboleth Developers

  • From: Peter Schober <>
  • To:
  • Subject: Re: [Shib-Dev] [IdPv3] Attribute Filter Work
  • Date: Thu, 3 Jun 2010 17:28:54 +0200
  • Organization: Vienna University Computer Center

* Chad La Joie <> [2010-06-02 20:38]:
> - Implement a new filter plugin that can use information in an attribute
> query and metadata to determine if attributes should be released. The
> general use case behind this is to allow service providers to ask for
> particular attributes and have the IdP release what they ask for. The
> implicit assumption is that either other policies will be in place to
> control the release of truly sensitive data or that user-approved
> attribute release consent (e.g. uApprove) would be used.

Speaking of consent: I have no idea what is involved here (or whether
it might even be possible today, but I doubt it is) but it would be
great if the "flow" would be such that it would be possible for a (or
preferably: the one that comes integrated with the Shib IdP) consent
module to let people opt-in or opt-out to the release of specific
attributes (or values) and only then generate the signed and encrypted
assertion.
See also
http://tnc2010.terena.org/schedule/posters/index.php?poster_id=19
for an existing implementation.
-peter


