[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Locating authorities in SAML?
Apologies to Jeff as I don't have a specific proposal to attach to this at present, but I'd like to clarify whether or not using assertions or responses to communicate the location of the various authorities in the SAML model is in-scope or not. Simon G. raised this in the context of Authn Authorities, and it was subsequently clarified that the AuthnLocality in the schema referred to the client, not the authority. Since Shibboleth desires as much run time flexibility as possible, our protocol from origin to destination requires that we communicate the location of the Attribute Authority to be used by the destination site. This is not, to me, an "application" issue, unless Shibboleth is in fact a SAML application, rather than a SAML implementation, and this kind of basic flow of information is out of scope for SAML to address. If it's in scope, I will propose a change. If it's out of scope, how do we foresee it being done, and is the information itself not even appropriate for carriage in the SAML messages (outside of the use of Advice perhaps, which really shouldn't be the catch-all for Shib or anyone else, IMHO). -------- Scott Cantor So long, and thanks for all the fish. cantor.2@osu.edu -- Douglas Adams, 1952-2001 Office of Info Tech PGP KeyID F22E 64BB 7D0D 0907 837E The Ohio State Univ 0x779BE2CE 6137 D0BE 1EFA 779B E2CE
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC