Subject: Groups - Action Item Closed: #0332 Revise Query Extension for SAML ...
OASIS Security Services (SAML) TC member, Hal Lockhart has closed this action item.

Number: #0332
Description: Revise Query Extension for SAML ...
Owner: Sampo Kellomäki
Status: Closed
Comments:
Mr Brian Campbell 2008-05-19 19:56 GMT
from http://lists.oasis-open.org/archives/security-services/200805/msg00024.html

"3.4 Proposal: Query Extension for SAML AuthnReq
http://lists.oasis-open.org/archives/security-services/200804/msg00019.html

Sampo: objective is to allow an SP to ask for certain attributes on AuthnRequest, or to pass attributes in AuthnRequest.
Original options were
a) to embed AttributeQuery in AuthnRequest
b) to embed AttributeQuery in AuthnRequest/Extension
c) new top level query element
d) boxcarring
e) leverage (from metadata) as child element of AuthnRequest/Extension
Option E is the consensus

Prateek: an existing IDP would not process?
Scott: no, it's in an extension that would not understand it
Prateek: shouldn't break though
Sampo: but if we are putting in an extension, then do we need a wrapper element
Scott: likes the cleanliness of AuthnRequest Extension RequestedAttributes RequestedAttribute
Sampo: fine, will rev accordingly
Scott: still need to clarify the mandatory processing rules around this extension, and reconcile with the processing rules for the existing element in metadata. Needs to be written carefully, complication is that it's an extension, and so an IDP doesn't have to support it.
Hal: make sense for the IDP to indicate 'in the message' that the IDP did understand the message?
Scott: even if written as mandatory, existing IDPs won't see it
Scott: just wanted to highlight the limitations
Sampo: if you claim to support this extension, then it must be possible to configure your IDP deployment to return an error if it doesn't have the attribute
Sampo: how to indicate in metadata to indicate support for an extension
Scott: we already have a mechanism, it goes in the extension spec

AI: Sampo to revise Query Extension for SAML AuthnReq accordingly"

View Details: http://www.oasis-open.org/apps/org/workgroup/security/members/action_item.php?action_item_id=2179

PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser.

- OASIS Open Administration