Hi,
two, slightly orthogonal questions regarding SAML processing capabilities:
1) Is it possible to do SAML2 Attribute Query (aka SimpleAggregation
AttributeResolver) at the SP side of Moonshot?
2) Is it possible to do make authorisation decisions based on SAML
attributes, such as "require affiliation foo && require entitlement bar"?
The idea would be to implement an SSH server for active members of
institutions (=affiliation from the IdP) that are registered to a VO
(=entitlement, retrieved from an AA). My naive approach would be to use
1) + 2), but better ways may exist.
Thanks in advance,
Kristof
|