OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Groups - Change Notify Protocol 02(saml-2.0-notify-draft-02.zip) uploaded


>> After further reading, ManageNameIDRequest Terminate seems reasonably
>> equivalent to disable|suspend, and NewID to enable|resume. So, no,
>> enable/disable is not distinct from ManageNameIDRequest.
>
> NewID in a MNI request assumes an active relationship based on the other
> NameID in the request. It's a Rename, or if the SP does it, it's an
> attachment of a secondary Name.

Thanks, Scott, for correcting me; MNI seems comparable to LDAP mod[r]dn.

My suggestion is that the NewSubject definition could include a
sentence clarifying that "new" subjects may or may not really be new,
depending on whether or not they were retired or de-provisioned during
a previous RetireSubject operation, dependent upon the issuer-target
SLA.

An implementer, say SPML or LDAP backed, shouldn't translate a
NewSubject request to an add/create since the (previously retired)
subject may already exist.

Tom


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]