shibboleth-dev - Re: [Shib-Dev] Metadata for Consent

Subject: Shibboleth Developers

  • From: Brent Putman <>
  • To:
  • Subject: Re: [Shib-Dev] Metadata for Consent
  • Date: Thu, 17 Feb 2011 01:57:12 -0500



On 2/17/11 12:46 AM, Nate Klingenstein wrote:
>
> 2) They'd like to include a verbal explanation of why an
> <md:RequestedAttribute> is requested. This would be useful both to
> the user and administrator, but primarily intended for display to the
> user during consent acquisition. This would preferably be multivalued
> in order to support multiple locales, but something like:
>
> <md:RequestedAttribute ...>
> <mdui:Description lang="en">usage of this attribute</mdui:Description>
> </md:RequestedAttribute>
>


This wouldn't be schema-valid per SAML 2.0 metadata spec, the complex
type underlying RequestedAttribute is not extensible in that way.


> rather than:
>
> <md:RequestedAttribute mdui:description="usage of this attribute" .../>


This is legal, the underlying complex type does have an anyAttribute
wildcard. In fact, this is pretty much the only way I can see at the
moment that the RequestedAttribute element itself could be extended to
carry this information.

The only other way that comes to mind would be to locate this new info
inside the SPSSODescriptor/Extensions, and then reference the
corresponding RequestedAttribute to which it applies via a combination
of the AttributeConsumingService index and RequestedAttribute name and
format. Although that is obviously pretty hairy and I hesitate to even
suggest...


>
> apparently involves more extensive modification of OpenSAML.


The latter approach (attribute-based) wouldn't require any modification
to OpenSAML, it already has support for the anyAttribute wildcard that
that element can carry.

--Brent
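
The two forms discussed in this message, as an added example that is not part of the original post and is not OpenSAML code: it reads the wildcard attribute from each `md:RequestedAttribute`, keys it by AttributeConsumingService index, name and format, and reports any child element other than `saml:AttributeValue`. The `mdui:description` attribute is the hypothetical one proposed in the thread; the sample metadata and entityID are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MDUI = "urn:oasis:names:tc:SAML:metadata:ui"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
# The attribute proposed in the thread; hypothetical, not defined by any schema.
DESC_ATTR = f"{{{MDUI}}}description"

# Constructed sample: the first RequestedAttribute uses the wildcard-attribute
# form, the second the child-element form that the schema does not allow.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:mdui="{MDUI}"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"
          NameFormat="{URI}" mdui:description="usage of this attribute"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42" NameFormat="{URI}">
        <mdui:Description xml:lang="en">usage of this attribute</mdui:Description>
      </md:RequestedAttribute>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def requested_attribute_reasons(xml_text):
    """Return (reasons, violations) for every md:RequestedAttribute.

    reasons maps (ACS index, Name, NameFormat) to the wildcard attribute value;
    violations lists child elements other than saml:AttributeValue.
    """
    root = ET.fromstring(xml_text)
    reasons, violations = {}, []
    for acs in root.iter(f"{{{MD}}}AttributeConsumingService"):
        for ra in acs.findall(f"{{{MD}}}RequestedAttribute"):
            key = (acs.get("index"), ra.get("Name"), ra.get("NameFormat", UNSPECIFIED))
            if DESC_ATTR in ra.attrib:
                # Metadata-supplied text: escape it before showing it to the user.
                reasons[key] = ra.attrib[DESC_ATTR]
            for child in ra:
                if child.tag != f"{{{SAML}}}AttributeValue":
                    violations.append((key, child.tag))
    return reasons, violations


if __name__ == "__main__":
    found, bad = requested_attribute_reasons(SAMPLE)
    print(found)
    print(bad)
```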