OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Comment on sstc-saml-glossary-2.0 (also closesAI #0114)


> This change creates space for "Attribute-based Federation" or even
> "Attribute[d] Federation" which is now defined as:
> 
> [begin-proposed-def]
> Linking accounts for a given principal at a pair of providers within a
> federation by the use of a set of attributes to refer to the 
> principal.
> [end-proposed-def]

Either one of those attributes uniquely identifies an account at both
entities (in which case it's an identifier) or not. I can't see how this is
something akin to account linking without that.

> Modifying the top-level definition of "Account Linking" we now have:
> 
> [begin-proposed-def]
> A method of relating accounts at two different providers that represent
> the same principal so that the providers can communicate about the
> principal. Account linkage can be established through 
> federation based on identifiers or attributes.
> [end-proposed-def]

An attribute that could do this is no different than a name identifier
except it's in the message in a different spot. All a SAML name identifier
is is just a special kind of attribute.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]