Interfederation

["Cantor, Scott" <>]

On 3/4/14, 10:43 AM, "Tom Scavo" 
<>
 wrote:
>
>Well, ScottC can correct me if I'm wrong but that's easier said than
>done (and btw, I have a similar use case, so I have skin in this game
>:) An attribute authority that supports standalone attribute query
>(apart from SSO) requires a distinct role descriptor in metadata. The
>AttributeAuthorityDescriptor is not relevant to standalone attribute
>query.

That's exactly the role for the server, but I think you're talking about
the client.

>The good news is that ScottC and I saw the handwriting on the wall
>many years ago and so we published this standard:
>
>https://wiki.oasis-open.org/security/SstcSamlMetadataExtQuery
>
>This is what we need to implement in metadata.

Well, you can, but Shibboleth has always supported attribute query with
the SPSSODescriptor, it works fine. We used to support the query extension
role, I'll double check that it's still there.

-- Scott