On 10/04/2011 05:34 PM, Joni Brennan wrote:
> In the spirit of "something called for" I've heard grumblings regarding the desire (need?) for an org to take on comprehensive attribute schema mapping. I see from search that some of this appears to be happening at a bi-lateral level but perhaps not on a larger multi-lateral scale. Do AM-DG people/orgs have thoughts about this and could it be an interesting track to pursue?

Somewhat related, I recently had a discussion about declaring required attribute profiles in relying party metadata. Deployment experience has shown that the currently supported model that allows an RP to express required and optional attributes in metadata doesn't allow enough wiggle-room to accommodate differences between semantically equivalent attributes that occur in the wild. For instance, if an RP needs a humanly readable name for a person, you can use any one of givenName+sn or cn or displayName. None of these three options is more "right" and all occur frequently. In an interfederation situation (your RP is a member of multiple federations) then the RP already needs to support all alternatives in code; however, there is no way to express support for these multiple options in metadata.

I suggest we should investigate adding a layer-of-indirection whereby an RP would assert the need for the "humanly displayable name" attribute profile, possibly using an entity attribute.

Cheers Leif
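
The layer of indirection suggested in the message above, sketched as an added example (not part of the original message and not taken from any federation's metadata schema). The profile URI, the `PROFILES` table, the function names and the sample releases are hypothetical or constructed; only the attribute names come from the message.

```python
# Added example. The profile URI and the PROFILES table are hypothetical;
# only the attribute names (givenName, sn, cn, displayName) come from the message.
PROFILES = {
    "urn:example:attribute-profile:displayable-name": [
        ("displayName",),        # alternative 1
        ("cn",),                 # alternative 2
        ("givenName", "sn"),     # alternative 3: both parts needed
    ],
}

def first_value(released, name):
    """SAML attributes are multi-valued; take the first non-blank value."""
    for v in released.get(name) or []:
        if v and v.strip():
            return v.strip()
    return None

def flat_required_ok(required, released):
    """Current metadata model: every attribute flagged required must be present."""
    return all(first_value(released, a) for a in required)

def resolve_profile(profile, released):
    """Profile model: return a display string from the first complete alternative."""
    for alternative in PROFILES[profile]:
        values = [first_value(released, a) for a in alternative]
        if all(values):
            return " ".join(values)
    return None  # no alternative fully released; the RP cannot render a name

# Constructed attribute releases from four imaginary IdPs.
RELEASES = {
    "idp-a": {"givenName": ["Ada"], "sn": ["Lovelace"]},
    "idp-b": {"cn": ["Ada Lovelace"]},
    "idp-c": {"displayName": ["Ada L."], "cn": ["Ada Lovelace"]},
    "idp-d": {"givenName": ["Ada"], "sn": [""]},   # incomplete pair
}

if __name__ == "__main__":
    name = "urn:example:attribute-profile:displayable-name"
    for idp, released in RELEASES.items():
        print(idp, flat_required_ok(["displayName"], released),
              resolve_profile(name, released))
```

An RP that marks only `displayName` as required is reported as unsatisfied by idp-a and idp-b even though both release enough to render a name, while the profile check accepts them and still rejects the incomplete pair from idp-d.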