Subject: RE: [security-services] Comment on sstc-saml-glossary-2.0 (also closesAI #0114)
> This change creates space for "Attribute-based Federation" or even
> "Attribute[d] Federation" which is now defined as:
>
> [begin-proposed-def]
> Linking accounts for a given principal at a pair of providers within a
> federation by the use of a set of attributes to refer to the
> principal.
> [end-proposed-def]

Either one of those attributes uniquely identifies an account at both entities (in which case it's an identifier) or not. I can't see how this is something akin to account linking without that.

> Modifying the top-level definition of "Account Linking" we now have:
>
> [begin-proposed-def]
> A method of relating accounts at two different providers that represent
> the same principal so that the providers can communicate about the
> principal. Account linkage can be established through
> federation based on identifiers or attributes.
> [end-proposed-def]

An attribute that could do this is no different than a name identifier except it's in the message in a different spot. All a SAML name identifier is is just a special kind of attribute.

-- Scott