security-services message



Subject: Re: [security-services] Re: Dutch eID Preso follow up. RE: Proposed Minutes for SSTC Call (Nov 25, 2014)


>Do you mean specifying the attributes you want back, or actually
>"specifying the subject"? The latter is a pretty unusual use case for a
>front-channel profile, since the subject is implicitly whoever is sitting
>at the client.

Both are required. 

You specify the attributes you want back for the initial authentication at the Identity Provider.

You should specify the (requested) subject if you want additional attributes from an Attribute Provider. This user previously authenticated at the Identity Provider. For this, they currently envision an AttributeQuery over a front-end channel (because they need user consent per attribute); I understood that your suggestion was to implement this as Web SSO instead.

Thx


Kind regards,

 

drs. Martijn Kaag 

tel +31 (0) 88 01 20 222 | gsm +31 (0) 6 42 94 00 93 | skype martijn.kaag-connectis


On Wed, Dec 10, 2014 at 3:27 PM, Cantor, Scott <cantor.2@osu.edu> wrote:
On 12/10/14, 7:43 AM, "Martijn Kaag" <martijn.kaag@connectis.nl> wrote:


>
>For this use case to work they need multiple attributes in the request.
>If they implement this as an AuthnRequest (as you suggested), there is
>currently no way of specifying the subject with more than one attribute.

Do you mean specifying the attributes you want back, or actually
"specifying the subject"? The latter is a pretty unusual use case for a
front-channel profile, since the subject is implicitly whoever is sitting
at the client.

-- Scott


