Bug 6477 - acceptance of scoped attributes
Status: NEW
Product: GridShib
Component: GT plugin
Version: 0.6
Platform: All All
Importance: P3 enhancement
Target Milestone: beta
Depends on: 6427
Blocks: 6536

Reported: 2008-10-15 14:15
Modified: 2008-12-14 16:24




Description From 2008-10-15 14:15:17
Introduce a scoped attribute check into AttributeAcceptancePIP.  To accept a
scoped attribute (e.g., eduPersonPrincipalName or eduPersonScopedAffiliation),
the asserted scope must be known to be associated with the SAML issuer.

There are at least three implementation approaches: 1) add a field to the
existing entity map; 2) implement a new, flat file-based mapping file with
(entityID, scope) ordered pairs; or 3) implement SAML metadata.  The
implementation choice must be consistent with the implementation of the
one-to-many mapping of entityID to DNs (Bug 6427).
------- Comment #1 From 2008-10-20 14:37:21 -------
(In reply to comment #0)
> 
> There are at least three implementation approaches: 1) add a field to the
> existing entity map; 2) implement a new, flat file-based mapping file with
> (entityID, scope) ordered pairs; or 3) implement SAML metadata.

It seems option (2) makes most sense at this time.  Moreover, since multiple
scopes are allowed, the mapping file will take the form 

(entityID, scope1, scope2, ...)

This requires some modification to the EntityMap interface.
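
The check discussed in this bug, sketched as an added example (not GridShib code and not its EntityMap interface). The whitespace-separated file layout, the `#` comment lines, the sample entityIDs and the function names `parse_scope_map` and `accept_scoped_value` are all assumptions made for illustration.

```python
"""Scoped-attribute acceptance against an (entityID, scope1, scope2, ...) map."""

# Constructed sample mapping file: one issuer per line, entityID first,
# then every scope that issuer may assert. Layout is an assumption.
SAMPLE_MAP = """\
# entityID                            scopes
https://idp.example.edu/shibboleth    example.edu  cs.example.edu
https://idp.example.org/shibboleth    example.org
"""


def parse_scope_map(text):
    """Return {entityID: set_of_scopes}; raise on an entry with no scope."""
    scope_map = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entity_id, *scopes = line.split()
        if not scopes:
            raise ValueError(f"line {lineno}: no scope listed for {entity_id}")
        # A repeated entityID adds to its scopes instead of replacing them.
        scope_map.setdefault(entity_id, set()).update(scopes)
    return scope_map


def accept_scoped_value(scope_map, issuer, value):
    """Accept 'local@scope' only if that scope is mapped to the SAML issuer."""
    # Fail closed on anything that is not exactly one local part and one scope.
    if value.count("@") != 1:
        return False
    local, scope = value.split("@")
    if not local or not scope:
        return False
    allowed = scope_map.get(issuer)
    if allowed is None:
        return False  # issuer has no entry, so no scope can be accepted
    # Exact string match: no suffix or subdomain matching, so an unlisted
    # 'math.example.edu' is rejected even though 'example.edu' is listed.
    return scope in allowed
```
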