Shibboleth Developers

["Cantor, Scott E." <>]

>Filters themselves provide a level of automation but no IdP is required
>to utilize them. Many folk of course do, others download with cron and do
>manual local updates very few still manually manage policies themselves.

I guess maybe this is one of those constant disconnects here in the US,
but the idea of devolving that decision making to anybody other than maybe
the user (via consent) is definitely foreign to me. I just can't imagine
that ever being a federation decision, and isn't that what automating it
(via cron or whatever) would be doing?

>Regardless the requirement is the same, IdP within the AAF most only
>disclose PII each service specifically requires.

Right, but who decides whether it's appropriate to release *anything* to a
particular service?

-- Scott