Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-808

Collapse Filter configuration namespaces

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.2.0
    • Labels:
      None

      Description

      As discussed in the dev meeting 5/Sep.

      consider a filter section

      <afp:AttributeRule attributeID="email"
          	xmlns:afp="urn:mace:shibboleth:2.0:afp" xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
          	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd
                                  urn:mace:shibboleth:2.0:afp:mf:basic http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd">
      	<afp:PermitValueRule xsi:type="basic:AND">
      		<basic:Rule xsi:type="basic:NOT">
      			<basic:Rule xsi:type="basic:ANY" />
      		</basic:Rule>
      		<basic:Rule xsi:type="basic:ANY" />
      	</afp:PermitValueRule>
      </afp:AttributeRule>
      

      It would be considerably nice if we could say

      <AttributeRule attributeID="email"
          	xmlns="urn:mace:shibboleth:2.0:afp"
          	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
      	<PermitValueRule type="AND">
      		<Rule type="NOT">
      			<Rule type="ANY" />
      		</Rule>
      		<Rule type="ANY" />
      	</PermitValueRule>
      </AttributeRule>
      

      This consists of three steps

      1. remove saml: and basic:
        1. include (cut & paste) the saml: and basic: schemata into the afp: one.
        2. Extend the NameSpaceProvider to look for afp:whatever and basic:whatever
        3. Modify some of the parsers to look for afs:thing as well as basic:thing
      2. remove xsi:type
        1. modify the schema to have afp:type
        2. modify our basic parser to handle XYZ:type as well as xsi:type
      3. Document at the appropriate time (close to V3.2 release)
      4. Deprecate the old syntax with a warning

      Status

      • I have protoyped the first and it will be pretty easy
      • I have not yet looked at the second but I don't think that it will be hard (potentially modulo a new method in the base parser to get the secondary (XYZ: above) namespace)
      • The last only requires a decision as to whether to warn
        • once per name space encountered (per load)
        • once per Type/Element encountered (per load)
        • once per load.

      Input on the last is solicited

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rdw@iay.org.uk Rod Widdowson
              Reporter:
              rdw@iay.org.uk Rod Widdowson
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 7 hours Original Estimate - 7 hours
                  7h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 3 hours, 30 minutes
                  1d 3h 30m