> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Peter Schober
> Sent: 21 February 2014 12:44
> To: [log in to unmask]
> Subject: Re: Calculating attributes on the fly or use local DB?
>
> * John Horne <[log in to unmask]> [2014-02-21 13:11]:
> > My question though is, is it worth using a DB to store/lookup the value?
>
> If you:
> - don't want to support revoking/giving out new ePTIds to users, *and*
> - have stable identifiers for all your subjects that will never, ever
> change, *and*
> - know neither your IDP nor any SP will ever change their entityID then you
> can get by without storing them.
>
[Andy Swiffin]
Having adopted Shibboleth way back in the very early days of Shibboleth 1.3 and having noted these dire warnings when I moved us over to Shibboleth 2, I still haven't had a need to revoke a computedID. I'm prepared to live with users loosing customisation if an SP changes entityID (which AFAIK has never happened) and so we continue to compute eptid on the fly.
Rod's assurance re the facility continuing is reassuring, though I suspect there would be many who just would not upgrade if it were removed (and bearing in mind how difficult it is to get people to upgrade anyway.....)
Andy
The University of Dundee is a registered Scottish Charity, No: SC015096
|