saml-dev message


Subject: RE: [saml-dev] Attribute Federation and NameIDPolicy:Format


> The source-site-first use-case is not mentioned but seems 
> nevertheless possible. In this case, should the SP set the 
> NameIDPolicy:Format Attribute in its AuthnRequest to 
> "urn:...:transient" or "urn:...:unspecified" or something 
> agreed upon between IdP and SP or leave it blank to instruct 
> the IdP to create an "arbitrary value"?

That's not source-site first if the SP sends a request, it's
destination-first.

But you do whatever you want to do. I'm not sure what it is you're trying to
ask, exactly. If you want a one-time value, ask for transient, it never
hurts to be explicit.

> By the way, the steps for the different federation cases as 
> described in the "SAML V2.0 Technical Overview" aren't 
> normative because they don't belong to the spec-set. Why 
> aren't they explicitly profiled in the SAML 2.0 Profiles Spec 
> including more details?

Why would they be? They're just examples of how the existing profile can be
used to do things. They don't need additional profiling to work because all
implementations have to support those patterns.

The spec is long enough. What's needed is implementation guidelines, and
nobody's volunteering.

-- Scott
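
Added example, not part of the original message or of any SAML implementation: an SP-side sketch that asks for a transient identifier explicitly in the AuthnRequest and then checks that the NameID Format in the returned assertion is the one requested. The full format URNs are taken from SAML 2.0 Core; the entity ID, the sample assertions and all function names are constructed for illustration, and signature validation and the encrypted format are out of scope.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample assertions (unsigned fragments, illustration only).
_TMPL = ('<saml:Assertion xmlns:saml="' + SAML + '"><saml:Subject>'
         '<saml:NameID Format="{fmt}">{value}</saml:NameID>'
         '</saml:Subject></saml:Assertion>')
SAMPLE_TRANSIENT = _TMPL.format(fmt=TRANSIENT, value="_3f2a9c0e7b1d4c55")
SAMPLE_EMAIL = _TMPL.format(
    fmt="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    value="user@idp.example.org")

def build_authn_request(sp_entity_id, name_id_format=TRANSIENT):
    """Build an unsigned AuthnRequest; name_id_format=None omits Format."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    attrs = {"Format": name_id_format} if name_id_format else {}
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy", attrs)
    return req

def requested_format(req):
    """Format the SP asked for; an absent Format is treated as unspecified."""
    policy = req.find(f"{{{SAMLP}}}NameIDPolicy")
    return UNSPECIFIED if policy is None else policy.get("Format", UNSPECIFIED)

def name_id_matches_policy(req, assertion_xml):
    """True if the assertion's NameID Format satisfies the request's policy."""
    wanted = requested_format(req)
    name_id = ET.fromstring(assertion_xml).find(
        f".//{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is None:
        return False
    if wanted == UNSPECIFIED:
        return True  # the IdP was left free to choose any format
    return name_id.get("Format", UNSPECIFIED) == wanted

if __name__ == "__main__":
    request = build_authn_request("https://sp.example.org/metadata")
    print(ET.tostring(request, encoding="unicode"))
    print(name_id_matches_policy(request, SAMPLE_TRANSIENT))
    print(name_id_matches_policy(request, SAMPLE_EMAIL))
```

Being explicit in the request is what makes the response check meaningful: with a blank or unspecified Format the SP has nothing to compare the returned identifier against.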
