Details
-
New Feature
-
Resolution: Unresolved
-
Minor
-
None
-
None
Description
Most deployments end up needing attribute authority functionality, which now requires setting up a Shib IdP (and therefore associated operational infrastructure) for what is basically an XML-LDAP translator. COmanage deployments could be made simpler if this functionality were natively supported (built upon SimpleSamlPHP or something). The backend could be LDAP (if a provisioner is suitably configured) or the native SQL database (at the expense of application queries hitting the registry database).
Note that such a deployment would make Registry more mission critical than it currently is, in that typically applications do not otherwise directly query Registry.