[OpenID] [LIKELY_SPAM]Re: OpenID SREG best practice question

[Nate Klingenstein]

Peter,

> It’s like what SAML would do if its metadata for attribute  
> contracts was more complete (and used).

Couldn't have said it better myself. :P

> What we did a bit better was allow the RP metadata to be actually  
> published in a repository with a common access method, so it  
> ACTUALLY auto-configures the RP software (once the policy is set,  
> and expressed). Change policy, software adjusts.

I totally agree.  This has been absolutely vital for us too, and  
Shibboleth 2.0 has extensive support for includes of attribute  
release configuration & templates.  This is yet another reason why a  
federation, which I'd consider your repository to be, is so useful.

Thanks a lot for chiming in your experience in a different sector.   
It's really useful to know this is a common pattern.
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081113/0f0f40f1/attachment-0002.htm>