Shibboleth Developers

["Cantor, Scott E." <>]

On 4/12/11 8:17 PM, "Bradley Beddoes" 
<>
 wrote:
>The only decision the federation is making is if the set of attributes
>the service is requesting is appropriate. This is determined by AAF
>administrators reviewing SP registrations within our toolset and when
>necessary having direct conversations with SP admins.

Sure. But it's avoiding the issue to say that's all you're doing if
there's even an implicit suggestion that IdP deployers should automate
their release policies.

>Once we've determined with the service the approved set of PII they
>require to operate is this is reflected in generated filters. I'll
>just highlight again there is no requirement for any IdP to use
>automated filters and they can choose to go a manual path if desired.

Yes, but you also said "a few people are manually doing this", which
suggested to me that the majority are just sucking in what you generate.
That isn't a new idea, I understand that to be common in some federations.
But it seems to be viewed as impossible in the US.

>Overall the important component of this discussion is that for us
>having the ability to provide users with a description in the consent
>UI of how the service will utilize each piece of the PII they are
>going to release would be highly desirable.

That's what ServiceDescription is for.

-- Scott