Subject: Re: [security-services] Groups - Change Notify Protocol 02(saml-2.0-notify-draft-02.zip) uploaded
>> After further reading, ManageNameIDRequest Terminate seems reasonably
>> equivalent to disable|suspend, and NewID to enable|resume. So, no,
>> enable/disable is not distinct from ManageNameIDRequest.
>
> NewID in a MNI request assumes an active relationship based on the other
> NameID in the request. It's a Rename, or if the SP does it, it's an
> attachment of a secondary Name.

Thanks, Scott, for correcting me; MNI seems comparable to LDAP mod[r]dn.

My suggestion is that the NewSubject definition could include a sentence clarifying that "new" subjects may or may not really be new, depending on whether or not they were retired or de-provisioned during a previous RetireSubject operation, dependent upon the issuer-target SLA. An implementer, say SPML or LDAP backed, shouldn't translate a NewSubject request to an add/create since the (previously retired) subject may already exist.

Tom
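Added example, not part of the original message or of the draft specification: a sketch of the point made above, that a target handling NewSubject should look the subject up before creating it, because a previous RetireSubject may have disabled the entry rather than removed it. The Target class, its retire_deletes switch (standing in for the issuer-target SLA), the method names and the returned status strings are all hypothetical, and an in-memory dict stands in for the SPML or LDAP back end.

```python
# Added illustration: an in-memory stand-in for an SPML- or LDAP-backed target.
# All class, method and field names here are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Entry:
    subject: str
    active: bool = True
    history: list = field(default_factory=list)


class Target:
    """Provisioning target whose retire behaviour depends on the SLA."""

    def __init__(self, retire_deletes: bool):
        # Assumed SLA switch: True = de-provision on retire, False = disable.
        self.retire_deletes = retire_deletes
        self.store = {}

    def retire_subject(self, subject: str) -> str:
        entry = self.store.get(subject)
        if entry is None:
            return "unknown"
        if self.retire_deletes:
            del self.store[subject]
            return "deleted"
        entry.active = False
        entry.history.append("retired")
        return "disabled"

    def new_subject_naive(self, subject: str) -> str:
        # Blind add/create: fails when a retired entry is still present.
        if subject in self.store:
            raise KeyError(f"entry already exists: {subject}")
        self.store[subject] = Entry(subject, history=["created"])
        return "created"

    def new_subject(self, subject: str) -> str:
        # Look up first, then create, re-enable, or treat as a no-op.
        entry = self.store.get(subject)
        if entry is None:
            self.store[subject] = Entry(subject, history=["created"])
            return "created"
        if entry.active:
            return "already-active"
        entry.active = True
        entry.history.append("re-enabled")
        return "re-enabled"
```

The history list keeps the retire and re-enable events on the entry, so a re-enabled subject can be told apart from a freshly created one when reviewing what access it carries.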