Shibboleth Developers

["Cantor, Scott E." <>]

>yes, that's the problem I was referring (isRequired and OR problem). It
>doesn't affect the look and feel of the GUI, but it does affect the
>processing behind the GUI. I think it would be useful to get some
>community reaction to these questions.

Well, I don't think "not follow the standard" is an appropriate strategy,
as I said in the private thread you're talking about. In that light, using
isRequired in any sensible way with both uApprove and the proposed v3
implementation is a non-starter, and will both not be useful and will
prevent attribute flexibility in terms of SAML versions and specific
attribute variants (displayName vs. cn).

So we concluded, and I will document, that metadata publishers should
avoid it and we should ignore it or react non-usefully in some predictable
way.

I'm not sure that I'm going to be convinced by feedback of "just ignore
the standard", even if that's the popular opinion.

>There are already examples of people experimenting with GUIs that
>support optional attributes:
>
>https://www.gakunin.jp/docs/fed/uapprove-jp

That's fine, but since there's no way to know whether the IdP will do
something useful with the feature or not, you can't really expect to use
the feature unless everybody is using that approach.

I think the answer is to assume that by the time we try and change things,
a new syntax will simply replace the old (possibly not even involving
metadata), and it will be an obvious change from old to new.

-- Scott