Subject RE: use of eduPersonEntitlement
From "Rod Widdowson" <rdw@xxxxxxxxxxxxxxxxxxxx>
Date Wed, 15 May 2013 15:47:08 +0100

> I wonder how mesh federations handle this? What IDP software allows you
> to easily filter on attribute values? I know simplesamlphp can, but I'm
> sure about others.

Because I have my head in the Shibboleth attribute filter code I can state
categorically that the Shibboleth IdP supports this in V2, will support it
in V3 (and I'm pretty sure that V1 had ARPs to do it as well).  It seems to
me that not being able to control what you release to who would be a pretty
monumental security issue in any SAML entity implementation.