>>> On 21/07/2008 at 15:47, in message
<[log in to unmask]>, Rhys
Smith <[log in to unmask]> wrote:
> 
> Nope, the intention of the script it to
> a) Go to the directory to read all existing values of the entitlement 
> attribute
> b) Go to the directory to read the person's affiliation values, then add 
> the common-lib-terms value based upon those affiliation values.

> The script as-is looks at an attribute called "eduPersonAffiliation" in 
> your directory and then makes the decision whether or not to add the 
> common-lib-terms entitlement based on that person's affiliation value. 
> Simply change the name of the attribute it's looking at to make it work 
> with your directory (e.g. i'm storing eduPersonAffiliation in an attribute 
> called "CardiffShibAffiliation", i'd just point it to that).


OK, I think that's a bit of a waste then.  The real advantage of scriptlet attribute definition is that you don't need to store the eduPerson attributes separately in your directory at all!!   The information is already there albeit in a different form that you will use a scriptlet to manipulate.   For instance, the first letter of the attribute "workforceID" in our directory is M, U, P or X depending on wether you're staff, undergrad, postgrad or external.  From this I can derive eduPersonAffiliation.  I don't need to go storing extra values like staff, student etc in yet another attribute in the directory which  I would have to keep synced.


> 
> Not quite sure what you mean by "the local shibboleth value" - Shibboleth 
> doesn't store any values, it can only get values from an attribute store 
> or do some scripting based on such values... How are you getting the 
> affiliation value to release?

What I mean is eduperson Attributes you have already calculated/derived/set in a different Attribute Definition.

I already have a different scriptlet that sets the value of eduPersonAffiliation according to the values in "workforceID" as I mention above.
I thought what you were suggesting to the world was that you could reuse the attribute eduPersonAffiliation you've already set in the calculation of eduPersonEntitlement, i.e. without having to duplicate the bit of script that calculates it, I thought that was what the line:

   <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation" />

was supposed to do, give you access to the ePA you "made earlier".

It doesn't matter, I've just duplicated the bit of script that I had in ePA into the scriptlet for ePE, I was just trying to be a good programmer and reuse attributes, not duplicate bits of code!

Andy 





The University of Dundee is a registered Scottish charity, No: SC015096