[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposed Enhancement for Dynamic Attribute Queries
Dear AllOver the years there have been several attempts at standardising an approach that combines the dynamic attribute query capabilities of the attribute request message with an authentication request, to allow SPs to dynamically request different sets of attributes along with an authentication assertion, in one combined message.
The attached is our latest attempt at this. It allows the SP to send its attribute request as a policy in either DNF or CNF. E.g. The SP might say "send me a visa attribute or an AMEX attribute or a Mastercard attribute" or "send me a credit card attribute or university faculty attribute" or "send me (surname, given name or family name) and postal address and optionally (home telephone number or mobile number or work number)"
We submit it to the group for your consideration. regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security School of Computing, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
Attachment:
SAML 2DynAttRq.pdf
Description: Adobe PDF document
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]