Thanks folks for the helpful responses.
Since no-one has said that going with PersistentIDAttributeDefinition is
a bad idea, I'm more than happy to go with this as it is, after all, the
approach currently recommended by the UK Federation :-).
I am, though, also interested in the idea of investigating the database
approach for eduPersonTargetedID (we're still very early in our
implementation, so plenty of time to change tack!) - is there anyone out
there already doing this who would be willing to share what you've done
(code, DB schemas, resolver configuration etc would be nice :-) ) to
give the rest of us a leg-up?
Cheers,
Mike
Michael White
eLearning Developer
Centre for eLearning Development (CeLD)
S7, The Library
University of Stirling
Stirling SCOTLAND
FK9 4LA
Email: [log in to unmask]
Tel: +44 (0) 1786 466877
Fax: +44 (0) 1786 466880
http://www.is.stir.ac.uk/celd/
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Fiona Culloch
Sent: 07 June 2007 15:51
To: [log in to unmask]
Subject: Re: eduPersonTargetedID question
Michael White wrote:
> So, should I go with PersistentIDAttributeDefinition as recommended in
> the UK Fed documentation, or with SAML2PersistentID as recommended in
> the Shib files (and on the ShibWiki)? What are others doing (and does
> anyone know what the difference is)?
The eduPerson definition of eduPersonTargetedID changed between two
different versions of the specification. As you say, the UK federation
currently recommends use of the older form, although Service Providers
are recommended to handle both (ours do), so you could use either:
see section 7.1.3 of Technical Recommendations for Participants for
explanation of the issues in greater depth:
http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf
The harder question for you is whether to use the automatic hashing
mechanism in resolver.xml (easy to implement) or generate the values
yourself and store them in a database (harder to do, but seen as best
practice as it should be more robust over future changes, even though
few implementations yet do it).
Fiona.
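
The following is an added example, not part of the original messages and not Shibboleth or UK federation code: a sketch of the two options described above, a targeted ID recomputed by hashing on every login versus a value generated once and stored in a database. The hash inputs (SP entity ID, local user ID, salt), the SHA-256 choice, the table layout, the entity IDs and the user names are all assumptions made for illustration.

```python
import base64
import hashlib
import secrets
import sqlite3

def computed_id(sp_entity_id, local_id, salt):
    """Hashing option (assumed inputs): derived on every login, nothing stored."""
    data = b"\x00".join([sp_entity_id.encode(), local_id.encode(), salt])
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

class StoredIds:
    """Database option: generate a random value once per (user, SP) and keep it."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE targeted_id (local_id TEXT NOT NULL, "
            "sp_entity_id TEXT NOT NULL, value TEXT NOT NULL UNIQUE, "
            "PRIMARY KEY (local_id, sp_entity_id))")

    def get(self, sp_entity_id, local_id):
        row = self.db.execute(
            "SELECT value FROM targeted_id WHERE local_id=? AND sp_entity_id=?",
            (local_id, sp_entity_id)).fetchone()
        if row:
            return row[0]
        value = secrets.token_urlsafe(20)  # opaque, carries no user data
        self.db.execute("INSERT INTO targeted_id VALUES (?, ?, ?)",
                        (local_id, sp_entity_id, value))
        self.db.commit()
        return value

    def rename(self, old_local_id, new_local_id):
        """A changed login name only touches the lookup key, not released values."""
        self.db.execute("UPDATE targeted_id SET local_id=? WHERE local_id=?",
                        (new_local_id, old_local_id))
        self.db.commit()

def demo():
    sp_a = "https://sp-a.example.org/shibboleth"  # constructed entity IDs
    sp_b = "https://sp-b.example.org/shibboleth"
    salt = b"constructed-demo-salt"
    store = StoredIds()
    before = {"hash": computed_id(sp_a, "mw1", salt), "db": store.get(sp_a, "mw1")}
    per_sp_differs = (computed_id(sp_b, "mw1", salt) != before["hash"]
                      and store.get(sp_b, "mw1") != before["db"])
    store.rename("mw1", "mw2")  # the user's login name changes
    after = {"hash": computed_id(sp_a, "mw2", salt), "db": store.get(sp_a, "mw2")}
    return before, after, per_sp_differs
```

In this sketch the hashed value changes as soon as any input changes (a renamed account or a rotated salt), while the stored value released to each SP stays the same.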