[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: ISSUE: Relying Party tailors assertion in browser artifact profil e
TC Members, The Bindings group has discussed an extension of the web browser profile as given in bindings-05. The main idea here is to extend the "artifact-to-assertion lookup" step with the inclusion of attributes desired by the relying party. This would save an extra-roundtrip as otherwise the RP must first retrieve AuthN (and other assertions) exposed via SAML artifacts and only in the next step formulate its "own" attribute query to the AP. A design proposal with discussion of pros and cons may be found in: http://lists.oasis-open.org/archives/security-bindings/200109/msg00018.html <http://lists.oasis-open.org/archives/security-bindings/200109/msg00018.html > Inclusion of this functionality would have impacts both on the core schemas and on the web browser profile. Both would need to be suitably extended. There is a clear consensus that this represents a valuable extension to our current framework. At the same time I would (personally) question whether it is a "MUST HAVE" in SAML 1.0. Perhaps the TC can give us some advice in this space. - prateek
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC