[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
On 3/26/12 9:15 AM, "Rainer Hoerbe" <rainer@hoerbe.at> wrote: >That would apply to both approaches, a new <AuthnAttributeRequest> >message or attribute negoitation in the <AuthnRequest>. I understand that >you challenge the use case for dynamic attribute requests at all? I've been known to call it "unrealistic" for the majority of deployments, but there are certanly edge cases where you can imagine it might work. It certainly won't be necessary most of the time, which is why it wasn't presented as a use case to begin with. But to your comment, I strongly agree. Anything like this belongs in the Extensions element, not as a new message type. That would be an interop mess, and require new endpoints in metadata and new profiles all over the place. Other than that caveat, it's fine. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]