
shibboleth-dev - Re: [Shib-Dev] [IdPv3] Consent Engine Work

Subject: Shibboleth Developers

  • From: Peter Schober
  • Subject: Re: [Shib-Dev] [IdPv3] Consent Engine Work
  • Date: Tue, 22 Jun 2010 20:13:50 +0200
  • Organization: Vienna University Computer Center

* Huneycutt, Karsten [2010-06-22 19:53]:
> > - Ability to disable the engine for some or all SPs. By default it will
> > be enabled for all SPs.
>
> How about disabling the engine for entity groups (like attribute
> filter policies)? This will allow us to group approved business
> applications (the campus portal, the ERP system, etc) under an
> entity group -- which may or may not be a good thing.

Sounds good, since I'm also currently basing attribute release
policies on <EntitiesDescriptor>s.

> "only ask again when the data to be sent to the SP changes" implies
> that this will keep a shadow copy of the user's attributes. If that
> will be the case, that seems inefficient, and many of us already
> have systems that can notify/take action when an attribute value
> changes. Can we have a way to let that decision be made by that
> system and NOT keep a shadow copy on the IdP consent engine?

A hash over all attributes and all values will suffice. At least that
is what the WAYF.dk people are doing in their central consent engine
(in an otherwise distributed federation).
-peter
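
The hash-instead-of-shadow-copy idea from the message above, as an added example (not part of the original message, and not Shibboleth or WAYF.dk code): the store keeps one digest per user and SP and asks for consent again only when that digest changes. The HMAC key, the length-prefixed encoding, and the names `release_digest` and `ConsentStore` are assumptions of this example.

```python
import hashlib
import hmac

# Assumption: a per-deployment secret, so stored digests of low-entropy
# attribute values cannot be brute-forced offline. Constructed value.
SERVER_KEY = b"constructed-demo-key"


def _field(data: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") encode differently."""
    raw = data.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def release_digest(user_id, sp_entity_id, attributes, key=SERVER_KEY):
    """Keyed digest over every attribute name and value bound for one SP."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(_field(user_id) + _field(sp_entity_id))
    # Sort names and values: resolver ordering must not trigger a new prompt,
    # while any added, removed or changed value must.
    for name in sorted(attributes):
        values = sorted(attributes[name])
        mac.update(_field(name) + len(values).to_bytes(4, "big"))
        for value in values:
            mac.update(_field(value))
    return mac.hexdigest()


class ConsentStore:
    """Keeps only digests, never the attribute values themselves."""

    def __init__(self):
        self._digests = {}  # (user, SP) -> digest of last consented release

    def needs_consent(self, user_id, sp_entity_id, attributes):
        current = release_digest(user_id, sp_entity_id, attributes)
        stored = self._digests.get((user_id, sp_entity_id))
        return stored is None or not hmac.compare_digest(stored, current)

    def record_consent(self, user_id, sp_entity_id, attributes):
        self._digests[(user_id, sp_entity_id)] = release_digest(
            user_id, sp_entity_id, attributes)


if __name__ == "__main__":
    store = ConsentStore()
    sp = "https://sp.example.org/shibboleth"  # constructed entityID
    attrs = {"mail": ["alice@example.org"]}   # constructed attribute set
    print(store.needs_consent("alice", sp, attrs))
```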


