Subject: Re: [saml-dev] SAML 2.0 - Name Qualifier Question
On 1/8/07, Shekhar, Mrigank <mshekhar@rsasecurity.com> wrote:
>
> idp1 as IDP and TB as SP
>
> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
> NameQualifier="idp1.com">joe</saml:NameID>
>
> TB as IDP and sp1,sp2 etc as SPs
>
> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
> NameQualifier="tb.com">joe</saml:NameID>

I don't see how this can work for two reasons: 1) the TB does not persist identifiers so the persistent identifier above must be algorithmically computed from the identifier obtained from the IdP, but 2) the identifier obtained from the IdP is transient so there is no hope of achieving persistent account linking. I must be missing something...

Tom
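The two points in this message can be checked with a small simulation. This is an added example, not part of the original post: it assumes a stateless TB that derives the outgoing identifier with an HMAC (the thread names no algorithm), and the secrets and the `sp1.example` / `sp2.example` entity IDs are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed broker secret; a real deployment would protect and rotate this.
TB_SECRET = b"constructed-demo-secret"


def idp_transient_id() -> str:
    """Transient NameID: a fresh random value for every SSO session."""
    return "_" + secrets.token_hex(16)


def idp_persistent_id(user: str, idp_secret: bytes = b"constructed-idp-secret") -> str:
    """Persistent NameID: the same opaque value for a user on every login."""
    return hmac.new(idp_secret, user.encode(), hashlib.sha256).hexdigest()[:32]


def tb_derive_persistent(idp_qualifier: str, idp_name_id: str, sp_entity: str) -> str:
    """Stateless broker (assumed design): compute the SP-facing NameID.

    Nothing is stored, so the output is only as stable as idp_name_id.
    Including sp_entity makes the result pairwise (different per SP).
    """
    msg = "\x00".join((idp_qualifier, idp_name_id, sp_entity)).encode()
    return hmac.new(TB_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def simulate_logins(upstream, sp_entity: str, logins: int = 3) -> set:
    """Set of NameIDs one user presents to sp_entity over several logins."""
    return {
        tb_derive_persistent("idp1.com", upstream(), sp_entity)
        for _ in range(logins)
    }


if __name__ == "__main__":
    from_transient = simulate_logins(idp_transient_id, "sp1.example")
    from_persistent = simulate_logins(lambda: idp_persistent_id("joe"), "sp1.example")
    # A transient upstream ID gives the SP a new "persistent" ID each login,
    # so the SP can never link the sessions to one local account.
    print("distinct IDs at sp1, transient upstream: ", len(from_transient))
    print("distinct IDs at sp1, persistent upstream:", len(from_persistent))
```
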