Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries

["Cantor, Scott" <cantor.2@osu.edu>]

On 3/26/12 9:15 AM, "Rainer Hoerbe" <rainer@hoerbe.at> wrote:

>That would apply to both approaches, a new <AuthnAttributeRequest>
>message or attribute negoitation in the <AuthnRequest>. I understand that
>you challenge the use case for dynamic attribute requests at all?

I've been known to call it "unrealistic" for the majority of deployments,
but there are certanly edge cases where you can imagine it might work. It
certainly won't be necessary most of the time, which is why it wasn't
presented as a use case to begin with.

But to your comment, I strongly agree. Anything like this belongs in the
Extensions element, not as a new message type. That would be an interop
mess, and require new endpoints in metadata and new profiles all over the
place. Other than that caveat, it's fine.

-- Scott