Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
On 03/26/2012 02:21 PM, Rainer Hoerbe wrote:
> Another approach was defined by STORK in the extension element
> <stork:RequestedAttribute> to the AuthnRequest that could use the
> existing message type. (see Document D5.8.2b
> <https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1387>
> section 6.1.4.8.1).
>
> What would be the benefit of a new message type? Wouldn't an
> extension of AuthnRequest be less invasive for existing IdPs?
>

That makes attribute requirements something the IdP has to deal
with for each transaction. I think that approach is bound to fail,
especially since attribute requirements are usually something you have
to negotiate between the SP, IdP and the federation operator.

This isn't something that can change so often as to warrant an
in-protocol flow.

Cheers Leif