security-services message

Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries

From: Leif Johansson <leifj@sunet.se>
To: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Wed, 28 Mar 2012 09:21:48 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/28/2012 01:23 AM, David Chadwick wrote:
> Hi Leif
> 

Hi David, long time no talk :-)

<snip>

> 
>> So why is the feature in the attribute request message? And has
>> been there from v1 of SAML?

Because people don't care enough to deprecate features just because
they aren't used much?

> 
>> If you have a model of an all attribute providing IDP, and an SP
>> that offers multiple services with different authz requirements,
>> then you need a feature such as this

No. You need a feature like this if you need to support _dynamic_ authz
requirements. Supporting authz at all is sufficiently difficult for SPs.

	Cheers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9yvAwACgkQ8Jx8FtbMZnfyOgCgw40n92l9xH7brViPSODIDaBB
g3QAoIG/GtcrGSW7Hw9TcciEzA4aWfOH
=J+2t
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
  - From: David Chadwick <d.w.chadwick@kent.ac.uk>

References:
- [security-services] Proposed Enhancement for Dynamic Attribute Queries
  - From: Rainer Hoerbe <rainer@hoerbe.at>
- Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
  - From: Leif Johansson <leifj@sunet.se>
- Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
  - From: David Chadwick <d.w.chadwick@kent.ac.uk>