6:42 a.m.
Hi Leif
On 10/06/2017 07:31 μμ, Leif Johansson wrote:
Skickat från min iPhone
I recently added a microservice for doing some forms of attribute transformations...
We had seen it but the idea behind Ivan's proposal is to allow for more
complex transformations / processing of attributes.
i.e. "get this attribute value, hash it with this configurable alg,
append a scope and name it epuid"
We would really like to see something like this in SATOSA and we are
willing to put in the effort to implement it ( we have a use case for
the eID module ) so we would appreciate feedback on the design decisions.
I guess one of the most important questions is whether this should be an
extension of the Attribute mapper (as we propose) or if it would make
more sense to have this as a microservice ? The attribute mapper
extension approach seems simple and non intrusive, yet we do acknowledge
that is has some limitations:
- One cannot perform transformations when using SATOSA in a X to X
proxy setup.
- The mappings/transformations are not ordered so there is no way to
know that a transformation has happened already so that the result can
be used in another one.
Best Regards,
Ioannis
_______________________________________________
Satosa-dev mailing list
Satosa-dev at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-dev
--
------------------------------------------------------------------
Ioannis Kakavas - ikakavas at grnet.gr
Identity and Security Engineer
GRNET Network Operations Centre
Greek Research & Technology Network - http://www.grnet.gr
7, Kifisias Av. 115 23 Athens, Greece
Office: +30 2107474255
PGP Fingerprint: A5AA FB5E 740A 603B FAB1 9920 D70F 0CD5 9DE3 C262
------------------------------------------------------------------