Bug 4281

Summary: update to IdP metadata template
Product: GridShib Reporter: Tim Freeman <tfreeman@mcs.anl.gov>
Component: Shibboleth IdP PluginAssignee: Tom Scavo <trscavo@gmail.com>
Status: RESOLVED FIXED    
Severity: normal CC: gridshib-dev@globus.org, tfreeman@mcs.anl.gov, vwelch@uiuc.edu
Priority: P3    
Version: 0.4.4   
Target Milestone: beta   
Hardware: PC   
OS: Linux   

Description From 2006-03-11 16:18:12 
The sample metadata template in the NameMapper plugin:

gridshib/idp/data/gridshib-idp-metadata-template.xml

.. has this comment:

        Zero or more saml:Attribute elements are included here.
        (Since these elements are currently not used by grid
        service providers, they are more for documentation purposes
        than anything else.) 

Now that the GT module is aware of Attribute elements, this parenthetical remark
should be updated or deleted.  

I'll post a link here to the relevant documentation once it is online.
------- Comment #1 From 2006-03-12 11:17:58 ------- 
I've read the documentation:

http://gridshib.globus.org/docs/admin-index.html#metadata-attr-optimization

I agree this is a useful optimization provided the following are true:

1. It is OFF by default (which evidently it is).
2. If it is ON and there are no Attribute elements in the IdP metadata, the
optimization is short-circuited (i.e., the query proceeds).

I recommend the comment be changed as follows:

        Zero or more saml:Attribute elements are included here.
        A Grid service provider may choose not to query the AA 
        based on the attributes in this list, therefore this list 
        MUST be comprehensive.  Since no method of dynamic metadata
        exchange currently exists, it is recommended that IdPs
        omit this list entirely.

At least two things are needed before we can recommend otherwise:

- A tool that produces IdP metadata from the underlying IdP configuration
- A simple method of publishing IdP metadata
------- Comment #2 From 2006-03-12 11:45:29 ------- 
OK, makes sense.  I just verified that your point #2 is in the code, the
optimization treats 0 attributes as a signal to NOT disable the query.  Your new
comment text looks good to me, thanks.
------- Comment #3 From 2006-03-12 14:16:04 ------- 
The comment in the IdP metadata template has been modified in my sandbox.
------- Comment #4 From 2006-05-24 11:15:20 ------- 
The updated IdP metadata template has been committed to CVS.