Subject: W2a: SSO with Attribute Exchange
Proposed high-level changes to Section 3.2 of ID-FF 1.2 to accommodate
W-2a: Attribute-based SSO

The main change is to allow attribute statements in returned assertions
carried in an AuthNResponse. The current text in Section 3.2 refers to
authentication assertions (lines 512 and 444-445), which appears to me to
be in error. Looking at the remaining text, the intent appears to have
been to allow assertions with authentication statements to be returned.
This proposal would extend this to allow the occurrence of attribute
statements as well.

The <NameIDPolicy> element in an AuthNRequest carries a hint about the
type of information being requested from the identity provider. The range
of values would be extended to include "attribute-based".

The <saml:NameIdentifier> is always provided by the IdP for this case.
Depending upon prior agreement between the IdP and SP, it may be either a
long-lived pseudonymous identifier or a well-known identifier drawn from
the user profile. The Format attribute of the Liberty SubjectType would be
extended to include "pseudonym" or "profile identifier".