--
Chad La Joie
http://itumi.biz
trusted identities, delivered
If I'm able to duck out for the call, I'd like to discuss the MDX/Query metadata plugin that's planned for 2.3 and some feature questions/limitations on it. I may have a chance to put a first draft together sooner than that anyway, in which case I'll probably circulate questions to the list.
-- Scott
It is probably good that I missed the Thursday the 18th cutoff :-)
I am interested in an LDAP interface to the attribute resolver. While
probably no one in their right mind would position the IdP as a
directory, an LDAP interface might allow an IdP to act as a backend to
a real directory, such as OpenLDAP or ApacheDS v2. A read-only LDAP
interface (search) might be possible and I think similar to SAML
attribute requests?
I am also interested in an external authorization manager, something
like a XACML PDP, as an attribute filterer.
Perhaps pipe dreams.
Actually, the likely overlap between an LDAP interface and the features in
SAML are things we don't support much, if at all, like filtering
attributes or values from the request side.
And of course LDAP lets you "search", whereas the IdP really can only
lookup via a key that is resolved from a SAML Subject.
>I am also interested in an external authorization manager, something
>like a XACML PDP, as an attribute filterer.
Given the challenges we've had trying to figure out how XACML could work
as a filtering policy language, and more recently as a possible way to
handle metadata-based consent (we talked about that in Edinburgh at the
dev F2F), it would be interesting work to have somebody explore it.
-- Scott
> Date: Thu, 17 Mar 2011 07:20:40 -0700
> From: Tom Zeller <tze...@memphis.edu>
> To: shibbol...@internet2.edu
> Reply-To: shibbol...@internet2.edu
> Subject: Re: [Shib-Dev] 24/3 Dev Meeting, Request for Topics
Your pipe has better stuff than my pipe.
Jim
Good point. I need to understand better how OpenLDAP and ApacheDS
support custom backends.