Versions Compared

Old Version 11

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Dealing with Multiple Attribute Stores and the Shib IdP

DATE and TIME: Thurs. May 26, 2011, 10AM

CONVENER: Mike Wiseman, University of Toronto

SCRIBE: Pete St. Onge, University of Toronto

# of ATTENDEES: 20

MAIN ISSUES DISCUSSED

The identified issue is how to handle the use of multiple (more than two or three) data source connections to a shib IdP. In an institution, there may be many data stores managed centrally or in departments. If a department wants their attribute store to be used in shib authorization, should the store be connected to the IdP or should it be associated with the application side. A technical issue noted with connecting multiple data sources to an IdP is that those sources get accessed for each IdP transaction, regardless of the attribute filter settings.

...

1. Use a product such as Grouper to aggregate adtasources to one physical store.      

ACTIVITIES GOING FORWARD / NEXT STEPS

1. Document the use of attribute aggregation.

...