...
Status: Early Draft (from Albert Wu)
Overview
As we continue to deploy Shibboleth to a broader audience, a recurring problem is answering the question:
Which attributes should this new SP see?
So far, most of us have tackled this question from an institutional data release policy angle, i.e., the SP submits a request to the proper data stewards, waits a few days to a few weeks, and gets an answer back. The result is data for a not-so-precise population of people, with exceptions here and there.
Things get worse in a federated scenario (think Dreamspark). The attribute release negotiation becomes a discussion measured in months, even years.
A better way to address this problem may be to shift the decision of data release (at least for personal data such as "who I am" and "what roles I play") to the individual signing onto the resource.
Proposal
We propose placing a filter on a Shibboleth IdP such that:
...