Subject Re: Re: [eduGAIN-discuss] mari plan & next steps
From "Cantor, Scott" <cantor.2@xxxxxxx>
Date Wed, 29 Oct 2014 15:34:35 +0000

On 10/29/14, 11:19 AM, "Kristof Bajnok" <bajnokk@xxxxxxx> wrote:
>Basically I like the idea. Can you please add a couple of other
>examples? From the top of my head:
> - "Any ID" -> eppn, eptid, persistent NameID, schacPersonalUniqueCode,
> - "phone" -> mobile, telephoneNumber ?
> - "address" ??? (if something needs it, it likely needs more specific
>information, such as shipping address, residential address, etc)

Right. To answer Peter, when we brainstormed this yesterday (I started
with the skeptical view that this isn't a generalizable issue), people
came up with enough examples that I was convinced it's worth a little (not
a lot) of effort to build a standard way to signal this.

Group membership is another one where attribute standardization is lacking.

Strictly speaking, SAML doesn't say that because your metadata says "give
me displayName" that I can't give you givenName + sn instead. It does say
that for queries.

But we don't have a way to define a RequestedAttribute whose unambiguous
meaning is "give me displayName OR give me givenName and sn", and that's
basically the idea.

To Peter's suggestion, I personally would favor new attributes and
alignment of approaches to fix the problem at both ends. But I don't get
the feeling there's any optimism that's happening.

-- Scott
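
The "displayName OR givenName and sn" idea from the message above, as an added example that is not part of the original message or of any SAML or eduGAIN specification. The metadata fragment is constructed, and the ALTERNATIVES table and function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"
GIVEN_NAME = "urn:oid:2.5.4.42"
SN = "urn:oid:2.5.4.4"

# Constructed SP metadata fragment: the SP asks for displayName only.
SP_METADATA = f"""
<md:AttributeConsumingService xmlns:md="{MD}" index="1">
  <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
  <md:RequestedAttribute FriendlyName="displayName" Name="{DISPLAY_NAME}"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      isRequired="true"/>
</md:AttributeConsumingService>
"""

# Hypothetical alternatives table (an assumption, not defined by SAML):
# each requested name maps to a list of attribute sets, and releasing
# every attribute of any one set satisfies the request.
ALTERNATIVES = {
    DISPLAY_NAME: [{DISPLAY_NAME}, {GIVEN_NAME, SN}],
}

def requested_attributes(metadata_xml):
    """Return (Name, isRequired) for each md:RequestedAttribute."""
    root = ET.fromstring(metadata_xml)
    return [(e.get("Name"), e.get("isRequired") in ("true", "1"))
            for e in root.iter(f"{{{MD}}}RequestedAttribute")]

def unmet_requirements(metadata_xml, released, alternatives=ALTERNATIVES):
    """List required attribute names that the release does not satisfy.

    With an empty alternatives table this is the literal reading: only
    the exact requested name counts.
    """
    released = set(released)
    unmet = []
    for name, required in requested_attributes(metadata_xml):
        if not required:
            continue
        options = alternatives.get(name, [{name}])
        if not any(option <= released for option in options):
            unmet.append(name)
    return unmet

if __name__ == "__main__":
    print(unmet_requirements(SP_METADATA, {GIVEN_NAME, SN}))      # with OR semantics
    print(unmet_requirements(SP_METADATA, {GIVEN_NAME, SN}, {}))  # literal reading
```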