security-services message
Subject: Affiliation ID
- From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
- To: security-services@lists.oasis-open.org
- Date: Sun, 12 Jun 2005 09:40:14 -0400
Hi, when an affiliation id is used with persistent identifiers -- it is set using SPNameQualifier (primarily dictated by an SP).

What I'm not clear on is whether the affiliation id is managed at all SPs? I.e., does a user have to federate (somehow) themselves for each of their SPs? So if you have 5 SPs using 1 affiliation and one IDP for these 5, does a user have to federate with each of the 5?

Put another way, consider MNI, where the SPProvidedID is being changed by an SP, or the NameID value is being changed by the IDP. For the latter case, does the IDP have to send the MNI request to all SPs? If you think about the UI at the IDP, does the user see a federation with all 5 SPs (so the IDP maintains a different value for each of the 5 SPs)?

Or perhaps the idea is that the IDP maintains only 1 mapping (for all 5 SPs). Hence the SPs somehow have a way to acquire the mapped user? Perhaps one of the 5 SPs is the primary, or there is some replication taking place?

Thanks,
Tom.
Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Entrust®
Securing Digital Identities & Information