[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: composition of AssertionID (Issue: DS-4-04: URIs for Assertio nIDs)
Jeff Hodges wrote, > The research I did indicates that it is questionable whether > it is a good idea > to simply use a URL-style URI as shown above and consider the > "problem solved". Yes, but it seems to me that 2/3 of these problems go away if you assume global (intergalactic) uniqueness. I further assert that half of the remainder go away if you write strict rules for forming and comparing them for identity. This IMO leaves a managable remainder to deal with. > > I assume if you ask for an Assertion identified only by ID, > you will get > > that one or an error. > > Part of the question is "to whom do you address the > request?". If the answer is > "you figure it out from stuff within the AssertionID", then I > claim we're > (perhaps needlessly) overloading the semantics of > AssertionID. I think we have already have agreed that various things in SAML need to be administratively configured, based on out of band agreement, so I don't see a problem with doing the same for the location of authorities. I am equally comfortable with an 1) issuer dns name and a unique integer or 2) an UUID, but such things are unfashionable. (As someone who was at various times an expert on DCE and SET, I understand the need to follow technology fashions or be left talking to yourself. ;-) Regards, Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC