security-services message

Subject: RE: [security-services] Groups - saml-session-token-v1.0-wd03.pdfuploaded

From: "Cantor, Scott E." <cantor.2@osu.edu>
To: Hal Lockhart <hal.lockhart@oracle.com>, SAML<security-services@lists.oasis-open.org>
Date: Sun, 23 Jan 2011 20:02:15 +0000

> > I guess I could eliminate the requirement. In the environments this is
> > targeted at the NameID, whether long term or pseudonymous, is used as a
> > lookup key to find other attributes for access control. It also may be used by
> > the application in various ways.
> 
> What I'd probably expect, I suppose, is creating a new format, perhaps, or
> using a transient, and using the session key as the NameID.

Actually, belay that, obviously that won't work. The main question I'm asking is whether it's a requirement for the NameID to be present to make what you're doing work, if the original SSO assertion didn't have one.

-- Scott

References:
- Re: [security-services] Groups - saml-session-token-v1.0-wd03.pdfuploaded
  - From: "Cantor, Scott E." <cantor.2@osu.edu>
- RE: [security-services] Groups - saml-session-token-v1.0-wd03.pdfuploaded
  - From: Hal Lockhart <hal.lockhart@oracle.com>
- RE: [security-services] Groups - saml-session-token-v1.0-wd03.pdfuploaded
  - From: "Cantor, Scott E." <cantor.2@osu.edu>