Hi,
I've been tweaking the moonshot-targeted-id policy file, which will allow IdPs to send the Moonshot-Host-TargetedId, Moonshot-Realm-TargetedId and Moonshot-TR-COI-TargetedId attributes to RP proxies.
In an effort to make things a bit easier for people, specifically to allow the policy to reasonably automatically update the correct reply from inner-tunnel, I've had to set a flag. Because this flag needs to be available from all three policies, I thought the best place would be to pop it into the VSA dictionary for Janet (dictionary.ukerna).
Are there any objections to doing that? If there are, I'll have to start using one of the Tmp-* attributes, which may or may not overwrite other values (which really goes against what I'm trying to do).
This is the attribute:
ATTRIBUTE TargetedId-Outer-Reply 141 integer
It goes into control: since as Matthew and others pointed out at the workshop in October, control: does not live beyond the server, so it'll automatically be quenched once the reply leaves the IdP.
I attach the updated policy for your inspection (to see how the attribute is used).
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: [log in to unmask]
skype: stefan.paetow.janet
Janet, the UK’s research and education network.
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
|