Subject: Re: [saml-dev]
Andrew,

Thanks for writing this up. I have a few comments/suggestions embedded. Not sure if all can access the doc, since I edited it in StarOffice. Here is the text I have embedded:

As part of the original specification by Prateek, what comes as the SSO Assertion during SSO has an authentication statement and the attribute statement holding the MembershipLevel attribute. Since there is no separate attribute assertion coming down as part of the SSO, one would have to either:

1. Make an attribute query to the AA, and on receiving the attribute assertion, use that as Evidence when making the proposed Authz query. (This does not make sense, since the receiver of the SSO assertion already has the attribute information.)
2. Create an attribute assertion from the attribute statement received as part of the SSO Assertion and use that as Evidence. (Don't think this is SOAP binding though, someone please confirm.)
3. Use the same SSO Assertion as received during the SSO, which also holds the attribute statement, as the Evidence, but then this may have expired. We could keep the expiration range long enough so that the assertion is alive for the whole round trip demo.

If it's up to the vendor to use/not use the attribute assertion, what's the point of making it? We need to refine this part to choose one of the 3 options or any other alternatives. I think option 3 is more viable. Thoughts?

Thanks
Bhavna

>Date: Wed, 08 May 2002 12:43:56 -0700
>From: Andy Fetterer <afetterer@crosslogix.com>
>Subject: [saml-dev]
>To: saml-dev@lists.oasis-open.org

________________________________________________________________________
Bhavna Bhatnagar
Sun Microsystems Inc.
Identity Management group
Tel: 408-276-3591
________________________________________________________________________

Attachment:
InterOp Scenario Extensions-draft-01.doc
Description: InterOp Scenario Extensions-draft-01.doc
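
The expiry concern raised for option 3 can be made concrete with a check the requester runs before attaching the SSO assertion as Evidence. This is an added example, not part of the original message or the interop document; the sample assertion, the `evidence_check` helper, the attribute namespace and the policy of rejecting assertions with no expiry bound are all assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample SSO assertion (all identifiers and values are made up).
SAMPLE_SSO_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="constructed-1"
    Issuer="idp.example" IssueInstant="2002-05-08T19:00:00Z">
  <saml:Conditions NotBefore="2002-05-08T19:00:00Z" NotOnOrAfter="2002-05-08T19:05:00Z"/>
  <saml:AuthenticationStatement AuthenticationInstant="2002-05-08T19:00:00Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier>user1</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>user1</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="MembershipLevel" AttributeNamespace="urn:example:interop">
      <saml:AttributeValue>gold</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    """Parse a UTC xsd:dateTime of the form used in the sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evidence_check(xml_text, now, round_trip=timedelta(0)):
    """Return (usable, reason, attributes) for reusing an SSO assertion as Evidence."""
    # Signature validation is out of scope; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    attrs = {a.get("AttributeName"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    if "MembershipLevel" not in attrs:
        return False, "no MembershipLevel attribute statement", attrs
    cond = root.find("saml:Conditions", NS)
    not_before = cond.get("NotBefore") if cond is not None else None
    not_on_or_after = cond.get("NotOnOrAfter") if cond is not None else None
    if not_before and now < _ts(not_before):
        return False, "not yet valid", attrs
    if not_on_or_after is None:
        # Assumed policy for this example: refuse Evidence with no expiry bound.
        return False, "no NotOnOrAfter bound", attrs
    if now + round_trip >= _ts(not_on_or_after):
        return False, "expires before the authz round trip completes", attrs
    return True, "ok", attrs

if __name__ == "__main__":
    t = datetime(2002, 5, 8, 19, 1, tzinfo=timezone.utc)
    print(evidence_check(SAMPLE_SSO_ASSERTION, t, timedelta(minutes=2)))
```

The `round_trip` margin models the time the authorization query needs, so an assertion that is valid now but would lapse in transit is rejected up front.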