
security-services message



Subject: Re: [security-services] Inclusion of Federated Name Registration Protocol in SAML 2.0


ext Mishra, Prateek wrote:

> Could this not be accomplished by the IdP (optionally) returning a "fresh"
> federation identifier as part of the AuthNResponse? That is a modest
> extension to an existing protocol vs. the introduction of a whole new
> request-response pair.

1) You'd need to carry two NameIDs in the AuthnResponse.
2) The IdP might have to send an "unsolicited" AuthnResponse in order to 
initiate this change. Would that be an overloading of the 
AuthnRequest/Response?

- JOhnK

