Michael White wrote:
> So, should I go with PersistentIDAttributeDefinition as recommended
> in the UK Fed documentation, or with SAML2PersistentID as recommended
> in the Shib files (and on the ShibWiki)? What are others doing
> (and does anyone know what the difference is)?
The eduPerson definition of eduPersonTargetedID changed between two
different versions of the specification. As you say, the UK federation
currently recommends use of the older form, although Service Providers
are recommended to handle both (ours do), so you could use either:
see section 7.1.3 of Technical Recommendations for Participants for
explanation of the issues in greater depth:
http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf
The harder question for you is whether to use the automatic hashing
mechanism in resolver.xml (easy to implement) or generate the values
yourself and store them in a database (harder to do, but seen as
best practice as it should be more robust over future changes,
even though few implementations yet do it).
Fiona.
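
The trade-off described in the reply above, as an added sketch that is not part of the original message and is not Shibboleth's own code: a hashed ID is recomputed from its inputs on every login, while a stored ID is issued once and looked up afterwards. The HMAC-SHA256 construction, entity IDs, user names, salt and table layout are all assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, sqlite3

def computed_id(sp_entity_id: str, local_id: str, salt: bytes) -> str:
    # Hash approach: nothing is stored, so the value changes whenever the
    # SP entityID, the local identifier or the salt changes.
    msg = f"{sp_entity_id}!{local_id}".encode("utf-8")
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

class StoredIds:
    # Database approach: a random value is issued once per (SP, user) and kept.
    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pid (sp TEXT NOT NULL, "
            "local_id TEXT NOT NULL, value TEXT NOT NULL UNIQUE, "
            "PRIMARY KEY (sp, local_id))")

    def get(self, sp: str, local_id: str) -> str:
        row = self.db.execute(
            "SELECT value FROM pid WHERE sp = ? AND local_id = ?",
            (sp, local_id)).fetchone()
        if row:
            return row[0]
        value = secrets.token_urlsafe(24)  # unrelated to any user attribute
        with self.db:
            self.db.execute("INSERT INTO pid VALUES (?, ?, ?)",
                            (sp, local_id, value))
        return value

    def rename_user(self, old: str, new: str) -> None:
        # A local account rename only re-keys the rows; issued values survive.
        with self.db:
            self.db.execute("UPDATE pid SET local_id = ? WHERE local_id = ?",
                            (new, old))

def demo():
    # Constructed sample inputs.
    salt = b"constructed-example-salt"
    sp_a = "https://sp-a.example.org/shibboleth"
    sp_b = "https://sp-b.example.org/shibboleth"
    store = StoredIds()
    def snapshot(uid):
        return {"computed": computed_id(sp_a, uid, salt),
                "stored": store.get(sp_a, uid),
                "computed_other_sp": computed_id(sp_b, uid, salt),
                "stored_other_sp": store.get(sp_b, uid)}
    before = snapshot("jsmith")
    store.rename_user("jsmith", "j.smith")
    return before, snapshot("j.smith")
```

In both approaches the two Service Providers see different values for the same user; only the stored value survives the account rename, and the same holds if the salt or an SP's entityID changes.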