* Kristof Bajnok <
baj...@niif.hu> [2015-11-13 14:35]:
Thanks, Kristof (and folks at NIIF), that's great!
Getting that into SSP proper (and maybe even shipping it enabled by
default!) would be great. Then at least going forward SAML SPs
recieving eduPerson attributes could easily protect themselfs from
incorrectly/fraudulently scoped attributes.
The default values for the 'attributesWithScope' array can be picked
from the eduPerson spec,
http://macedir.org/specs/eduperson/#Scope
I.e., array('eduPersonPrincipalName', 'eduPersonPrincipalNamePrior',
'eduPersonScopedAffiliation', 'eduPersonUniqueId')
Note that oid2name.php (and name2oid and others) are still missing
entries for 'eduPersonPrincipalNamePrior' and 'eduPersonUniqueId'.
(Many of the maps have other issues as well, I'm just pointing these
out here since the attributesWithScope'array wouldn't work unless
entries in the oid2name attribute map for those attributes existed.)
The README.md and/or project description could maybe use a link to
SimpleSAMLphp somewhere (though it's clear from the repo name) but
if we're aiming at inclusion within SSP proper then that's all
irrelevant. ;)
-peter