Skip to Content.
Sympa Menu

shibboleth-dev - RE: [Shib-Dev] [IdPv3] Attribute Filter Work

Subject: Shibboleth Developers

List archive

RE: [Shib-Dev] [IdPv3] Attribute Filter Work


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [Shib-Dev] [IdPv3] Attribute Filter Work
  • Date: Thu, 3 Jun 2010 12:27:41 -0400
  • Organization: The Ohio State University

> In the Jananese implementation I found it to be quite clear, with
> those attributes that would lead to a loss of access to the service
> (which are therefore marked mandatory in the SP's metadata) being as
> they are in uApprove today (i.e., cannot be opted out individually,
> only by denying the transmission as a whole). Only those that are
> truly optional (i.e., the SP can either operate without those or will
> e.g. ask the user in the application) can be handled individually.

I see.

> I'm not sure I understand that, but asking for more detail may be
> taking the current thread too far.

I'll use a more appropriate thread.

> But if UI/UX experts (though M$ not exactly has a great reputation in
> that regard) have discarded that approach and there are alternatives,
> I'd certainly like to know more about those.

I think MS is actually regarded pretty highly in that area and I know they
spend a lot on that kind of testing. I do know that they definitely
discarded it, and said so pretty firmly in the early days of releasing it.

At the time, I viewed that as a problem if for no other reason than that we
should hardly be pushing models via browser that wouldn't work with the
pervailing active client model. (I have the same feeling about logout, for
example.) Of course, Cardspace has gone pretty much nowhere, so I suppose
there's no evidence that the prevailing active client model would become
that.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page