Refeds


Subject Re: use of eduPersonEntitlement
From Peter Schober <peter.schober@xxxxxxxxxxxx>
Date Thu, 16 May 2013 10:43:30 +0200

* Niels van Dijk <niels.vandijk@xxxxxxxxxx> [2013-05-16 00:46]:
> And we are indeed patching so we also allow to *only* release either
> urn:mace or urn:oid attributes towards an SP

I don't see how that would be necessary, unless something is still a
bit off ;)
According to the MACE-Dir SAML Attribute Profiles[1] -- which specify
the use of the eduPersonEntitlement attribute for use within SAML --
the urn:mace:attribute-def:foo names are only to be used with SAML1
and urn:oid only with SAML2.
So from the same hub&spoke to the same SP there should only ever be
one variant, AFAIU.
-peter

[1] as linked from http://middleware.internet2.edu/dir/