Subject: Re: [security-services] Re: Dutch eID Preso follow up. RE: Proposed Minutes for SSTC Call (Nov 25, 2014)
On 12/10/14, 6:26 PM, "Martijn Kaag" <martijn.kaag@connectis.nl> wrote:

>The requirement to request attributes over a front end channel (either to
>facilitate consent or to allow for user interaction) is one that I
>encounter more often. A possible direction is to combine an AuthnRequest
>and AttributeQuery in one by extending
>AuthnRequestType with the zero or more <saml:Attribute>.

The reason the Extensions element was created in the schema was because extending message types has no real benefit when it comes to getting off the shelf code to work. If you have implementations that don't have any customizability with respect to Extensions, that's basically a functional limitation that has to be addressed if the code base has any hope of longevity.

OTOH, expecting SSO logic to handle arbitrary message types is not realistic in practice. So that's why a dedicated mechanism for extension of *existing* message semantics was created.

TL,DR; extending AuthnRequest in the XML sense is a non-starter.

-- Scott
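Added example, not part of the message above and not taken from any SAML implementation: a Python sketch of the approach the reply points to, where a standard AuthnRequest carries the requested attributes inside samlp:Extensions and the receiver skips extensions it does not understand. The urn:example:... namespace, the RequestedAttributes wrapper element and both function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical extension namespace and wrapper element, invented for this example.
EXT = "urn:example:saml:ext:requested-attributes"
SAML_DEFINED = {SAMLP, SAML}

def build_authn_request(request_id, issuer, attr_names):
    """SP side: an unmodified AuthnRequestType with the extra data in Extensions."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest",
                     {"ID": request_id, "Version": "2.0",
                      "IssueInstant": "2014-12-10T18:26:00Z"})  # constructed value
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ext = ET.SubElement(req, f"{{{SAMLP}}}Extensions")
    wrapper = ET.SubElement(ext, f"{{{EXT}}}RequestedAttributes")
    for name in attr_names:
        ET.SubElement(wrapper, f"{{{SAML}}}Attribute", {"Name": name})
    return ET.tostring(req, encoding="unicode")

def parse_authn_request(xml_text):
    """IdP side: ordinary AuthnRequest handling plus optional extension handling.

    A real deployment would parse with a hardened XML parser (e.g. defusedxml)
    and verify the request signature before acting on any of this content.
    """
    req = ET.fromstring(xml_text)
    if req.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    requested, ignored = [], []
    ext = req.find(f"{{{SAMLP}}}Extensions")
    for child in (ext if ext is not None else []):
        ns = child.tag[1:].partition("}")[0] if child.tag.startswith("{") else ""
        # SAML core requires extension elements to be qualified in a
        # non-SAML-defined namespace, hence the wrapper element.
        if not ns or ns in SAML_DEFINED:
            raise ValueError("extension content must use a non-SAML namespace")
        if child.tag == f"{{{EXT}}}RequestedAttributes":
            requested += [a.get("Name") for a in child.findall(f"{{{SAML}}}Attribute")]
        else:
            ignored.append(child.tag)  # unknown extension: skip it, SSO still proceeds
    return {"id": req.get("ID"), "issuer": req.findtext(f"{{{SAML}}}Issuer"),
            "requested_attributes": requested, "ignored_extensions": ignored}
```

A receiver that knows nothing about the extension still sees a valid AuthnRequest, which is the property that type extension would not give.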