On Mon, Sep 13, 2010 at 01:13:46PM -0400, Scott Cantor wrote:
> > Well... initially I proposed to implement this with OpenSAML, as I'd done
> > for the Kerberos authorisation data plugin, but I was advised that this
> was
> > the incorrect level of abstraction, and Shibboleth should be instead used.
>
> I think perhaps that *neither* is the correct level of abstraction,
> possibly, but basically it depends on what the applications wants to *do*.
> Do I think applications want raw SAML attributes? No, I don't. But
> standardizing anything else inside of GSS is probably difficult.
Difficult... A complete set would be difficult, but only because it'd
be large. A useful set of "cooked" attributes (the alternative to raw)
should not be too difficult.
What kinds of SAML attributes are we talking about anyways?
Nico
--
|