Refeds


Subject Re: entity category work?
From Olivier Salaün <olivier.salaun@xxxxxxxxxx>
Date Fri, 26 Apr 2013 14:29:41 +0200

Le 26/04/13 13:23, Nicole Harris a écrit :
> Has anyone done any more work on entity categories since I wrote up this conversation:
>
> https://refeds.terena.org/index.php/Entity_Categories:_Summary_of_attribute_release_requirements?
>
> I'm in the process of writing something up for the REFEDS SC and the next meeting.

We have defined SP categories within our federation. We have two kinds of categories: type of service (groupware, elearning, e-documentation, etc.) and target population (national, community, local). This information is populated by SP admins while registering their SP. Categories are used for 1) publishing purposes (classification of SPs on the federation web site) and 2) generating Shibboleth attribute filters that IdPs use instead of maintaining filters manually.

Comments and evolutions:

We have limited use cases of attribute filters that group SPs by type of service; most IdPs use attribute filters that gather SPs according to their target population (national, all).

Currently our federation metadata includes neither RequestedAttribute elements (to declare user attributes expected by an SP) nor SP categories.

Now that Shibboleth IdP (2.4.0) natively includes the feature mentioned in <https://refeds.terena.org/index.php/Entity_Categories:_Summary_of_attribute_release_requirements> as a uApprove plugin, we might give up the attribute filters generation approach and complete our federation metadata with RequestedAttribute and SP categories.

We also have use cases of SPs targeted at a group of IdPs. The SP needs a subset of the federation metadata to build its Discovery Service. The IdP needs attribute filtering for the groups it belongs to. Some groups of universities are even building their own federation to achieve this. We would like to provide some kind of sub-federation service, provided by our national federation registry. The federation metadata (or sub-federation metadata) could include categories to tag SPs/IdPs belonging to such groups of entities.

--


Olivier Salaün

GIP RENATER
Services Applicatifs aux Utilisateurs (SAU)
Tél : +33 2 23 23 71 27 ou 06 73 29 40 52

http://www.renater.fr
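
The filter-generation approach described in the message above, as an added example (not RENATER's generator and not part of the original e-mail): it turns a registry of SPs tagged by target population into a Shibboleth IdP 2.x attribute filter. The entityIDs are constructed, and the category-to-attribute table is an assumption standing in for each IdP's own release policy; an SP with no category gets no release rule.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"
BASIC = "urn:mace:shibboleth:2.0:afp:mf:basic"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for prefix, uri in (("afp", AFP), ("basic", BASIC), ("xsi", XSI)):
    ET.register_namespace(prefix, uri)

# Constructed registry export: entityID -> target population set by the SP admin.
REGISTRY = {
    "https://wiki.example.org/shibboleth": "national",
    "https://lms.example.org/shibboleth": "national",
    "https://intranet.univ-a.example/sp": "local",
    "https://unclassified.example.net/sp": None,  # never categorised
}
# Assumed IdP-side policy: attributes released to each category.
RELEASE = {
    "national": ["eduPersonPrincipalName", "eduPersonScopedAffiliation"],
    "local": ["eduPersonPrincipalName", "mail", "displayName"],
}

def build_filter(registry, release):
    """Return one AttributeFilterPolicy per category that has at least one SP."""
    group = ET.Element(f"{{{AFP}}}AttributeFilterPolicyGroup",
                       {"id": "GeneratedFromCategories"})
    for category in sorted(release):
        sps = sorted(e for e, c in registry.items() if c == category)
        if not sps:
            continue  # skip empty categories rather than emit an empty OR rule
        policy = ET.SubElement(group, f"{{{AFP}}}AttributeFilterPolicy",
                               {"id": f"releaseTo-{category}"})
        req = ET.SubElement(policy, f"{{{AFP}}}PolicyRequirementRule",
                            {f"{{{XSI}}}type": "basic:OR"})
        for entity_id in sps:
            ET.SubElement(req, f"{{{BASIC}}}Rule",
                          {f"{{{XSI}}}type": "basic:AttributeRequesterString",
                           "value": entity_id})
        for attr in release[category]:
            rule = ET.SubElement(policy, f"{{{AFP}}}AttributeRule",
                                 {"attributeID": attr})
            ET.SubElement(rule, f"{{{AFP}}}PermitValueRule",
                          {f"{{{XSI}}}type": "basic:ANY"})
    return group

def render(group):
    """Serialise the policy group to an XML string."""
    return ET.tostring(group, encoding="unicode")

if __name__ == "__main__":
    print(render(build_filter(REGISTRY, RELEASE)))
```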