Bug 6409

Summary: improve attribute acceptance policy
Product: GridShib Reporter: Tom Scavo <trscavo@gmail.com>
Component: GT pluginAssignee: Tom Scavo <trscavo@gmail.com>
Status: NEW    
Severity: normal CC: gridshib-dev@globus.org
Priority: P3    
Version: 0.6   
Target Milestone: beta   
Hardware: All   
OS: All   
Bug Depends on: 6406, 6407    
Bug Blocks: 6412, 6536    

Description From 2008-09-22 09:59:04 
Implement the following policy in AttributeAcceptancePIP:

- If the issuer is a trusted issuer, the security item is accepted.
- If the issuer is an untrusted issuer and the security item is a self-asserted
attribute, the security item is accepted.
- If the issuer is an untrusted issuer and the security item is a SAMLIdentity,
the security item is accepted.
- All other security items are not accepted.

Implement configuration parameters that make it easy for deployers to make such
policy decisions.