On 26 Jan 2011, at 13:57, Alistair Young wrote:
> From what I've read so far on this thread (and it's a really helpful thread btw) it's a 50/50 split between losing and preserving personalisations.
I'm probably going to repeat some of what's already been said, here...
It all depends on the implementation at the SP.
Whether you're using Shib 1.x or 2.x, the Computed/StoredID generator will create the same hashed value given the same input attribute (usually username) (N.B. unless you're using the stored connector and have revoked a hash, in which case it generates a different value in a different format). It's only the fluff surrounding the hash that will change (i.e. HASH@scope to idpname!spname!HASH).
So, SPs who have coded their web applications to take the hash as the thing to base personalisation on will work as before when an IdP upgrades. For SPs who have coded to take the complete full string (hash@scope or idpname!spname/hash) personalisation will break.
(For those SPs out there (and anyone else interested), note that there are very helpful attribute mapping rules in the attribute-map.xml file that can automagically convert from one format to the other and thus expose the original format even when the IdP sends the new format, should you be personalising based on the full string - so that you don't have to change the code in your web application).
The experience at Cardiff is that a few SPs were stymied by the change in format when using SAML2 and thus personalisation was lost, but the majority just worked. Though it's also important to note there that the majority of traffic on the UK fed is still SAML1 (it will be if you go via the UK fed WAYF). So it might be a problem that will be encountered more in the future...
HTH,
R.
--
----------------------------------------------------------------------
Dr Rhys Smith
Engineering Consultant: Identity & Access Management (GPG:0xDE2F024C)
Information Services,
Cardiff University, t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
----------------------------------------------------------------------
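
The format difference described in the message above, as an added example that is not part of the original e-mail or of the Shibboleth code base: an SP-side helper that accepts either serialisation (HASH@scope or idpname!spname!HASH) and returns the bare hash as the personalisation key. The function names, the sample entity IDs, the scope and the hash value are constructed for illustration, and it assumes the hash is base64 text, which contains neither "!" nor "@".

```python
from typing import NamedTuple, Optional

# Constructed sample values (not real identifiers).
SAMPLE_HASH = "x0Jq3mVZ8dP1tq7cUo2+b/9sLk4="
OLD_FORMAT = SAMPLE_HASH + "@example.ac.uk"
NEW_FORMAT = ("https://idp.example.ac.uk/shibboleth!"
              "https://sp.example.org/shibboleth!" + SAMPLE_HASH)


class TargetedId(NamedTuple):
    fmt: str               # "scoped" (HASH@scope) or "qualified" (idp!sp!HASH)
    hash: str              # opaque per-user value that stays the same
    scope: Optional[str]   # present only in the scoped form
    idp: Optional[str]     # present only in the qualified form
    sp: Optional[str]      # present only in the qualified form


def parse_targeted_id(value: str) -> TargetedId:
    """Parse either serialisation; raise ValueError on anything else."""
    value = value.strip()
    if "!" in value:
        # Assumed base64 hash has no "!", so split on the last two only.
        parts = value.rsplit("!", 2)
        if len(parts) != 3 or not all(parts):
            raise ValueError("malformed idp!sp!hash value")
        idp, sp, digest = parts
        return TargetedId("qualified", digest, None, idp, sp)
    if "@" in value:
        digest, _, scope = value.partition("@")
        if not digest or not scope or "@" in scope:
            raise ValueError("malformed hash@scope value")
        return TargetedId("scoped", digest, scope, None, None)
    # Refuse to guess: a bare or unknown string must not become a key.
    raise ValueError("unrecognised targeted ID format")


def personalisation_key(value: str) -> str:
    """Key user preferences on the hash, not on the surrounding string."""
    return parse_targeted_id(value).hash


if __name__ == "__main__":
    for raw in (OLD_FORMAT, NEW_FORMAT):
        print(parse_targeted_id(raw).fmt, "->", personalisation_key(raw))
```
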