metadata-driven configuration

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

metadata-driven configuration

Tom Scavo
[Since metadata-driven configuration is mostly dependent on V3.4, I'm
posting this to dev, not users]

I'm reviewing the page on metadata-driven configuration [1] but I
think I'm missing something.

I definitely see the benefit of the "direct method" of handling local
metadata: just add any desired entity attributes to the entity
descriptor and drop it into the sourceDirectory of a
LocalDynamicMetadataProvider. This provides a scalable "no touch"
method of relying party configuration.

I also see how the "indirect method" can be used to set defaults on
aggregate metadata (as a one-time configuration operation) but I don't
see how to customize single entities in the aggregate without touching
the config. What am I missing?

At least one metadata source is ignored here, that is, single entities
obtained remotely via the metadata query protocol. How are those
customized without touching the config? (Maybe I'm asking the wrong
question, I don't know)

Thanks,

Tom

[1] https://wiki.shibboleth.net/confluence/x/VQC_AQ
--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: metadata-driven configuration

Cantor, Scott E.
> I also see how the "indirect method" can be used to set defaults on aggregate
> metadata (as a one-time configuration operation) but I don't see how to
> customize single entities in the aggregate without touching the config. What
> am I missing?

Customizing multiple or single entities is the same, it's based on filters. Single is easier in fact, multiple doesn't scale all that well unless it's expressible with some kind of generic condition or script, otherwise it ends up as a long list of IDs to apply something to.

In any case, Unicon's GUI is meant to hide it all for the people who like GUIs and hide the difference between whether the metadata as a whole is managed locally or not. The main point of it is to support the GUI since there has to be separation between the GUI and the underlying configuration and this is a way to achieve that.

-- Scott

--
To unsubscribe from this list send an email to [hidden email]