[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/26/2012 03:52 PM, Cantor, Scott wrote: > On 3/26/12 9:15 AM, "Rainer Hoerbe" <rainer@hoerbe.at> wrote: > >> That would apply to both approaches, a new >> <AuthnAttributeRequest> message or attribute negoitation in the >> <AuthnRequest>. I understand that you challenge the use case for >> dynamic attribute requests at all? > > I've been known to call it "unrealistic" for the majority of > deployments, but there are certanly edge cases where you can > imagine it might work. It certainly won't be necessary most of the > time, which is why it wasn't presented as a use case to begin > with. > > But to your comment, I strongly agree. Anything like this belongs > in the Extensions element, not as a new message type. That would be > an interop mess, and require new endpoints in metadata and new > profiles all over the place. Other than that caveat, it's fine. > +1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9wgswACgkQ8Jx8FtbMZndjmACgk9vGjFVPPXLwV67lSsxbfuaF 7mIAn12JHsbiSxcJEgdrHP0CiubRXA7E =Vd/y -----END PGP SIGNATURE-----
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]