Subject: Issue i027: Need capability for services to describe requested claim types

Issue i027.

From: Marc Goodner [mailto:mgoodner@microsoft.com]

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred.

Protocol: wsfed
http://docs.oasis-open.org/wsfed/federation/v1.2/cd/ws-federation-1.2-spec-cd-01.doc
Artifact: spec
Type: design
Title: Need capability for services to describe requested claim types

Description:
It looks like there is not a way to specify the claim type requirements for services in the federation metadata. The relying party (whether it is an application or an STS) needs to indicate its claim type requirements such that an IdentityProvider is able to adjust its issuance policy to meet these requirements. SAML-Metadata has mechanisms for expressing attributes requested and attributes offered for SAML protocols. The new harmonized metadata document has elements for ClaimTypesOffered and ClaimDialectOffered, but it does not have mechanisms for indicating requested claim types.

Proposal:
Add the following to the WebServiceRequestorType.

    <!-- as part of the complex type sequence -->
    <element ref="fed:ClaimTypesRequested" minOccurs="0" maxOccurs="1"/>

    <element name="ClaimTypesRequested" type="tns:ClaimTypesRequestedType"/>

/fed:WebServiceDescriptorType/fed:ClaimTypeRequested
    This OPTIONAL element allows a federation metadata provider to specify claim types, using the schema provided by the common claim dialect defined in this specification, that MAY or MUST be present in security tokens requested by the service. See section 3.1.x for additional details.

Introduce a new section describing ClaimTypesRequested modeled on the section for ClaimTypesOffered.
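
Added example, not part of the original message or of the specification: a sketch of how an identity provider could compare a relying party's ClaimTypesRequested against its own ClaimTypesOffered before adjusting issuance policy. It assumes the requested list reuses the common claim dialect's auth:ClaimType children with Uri and Optional attributes (Optional defaulting to false); the claim URIs, metadata fragments and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# WS-Federation 1.2 federation and authorization (claim dialect) namespaces.
FED = "http://docs.oasis-open.org/wsfed/federation/200706"
AUTH = "http://docs.oasis-open.org/wsfed/authorization/200706"
XMLNS = 'xmlns:fed="%s" xmlns:auth="%s"' % (FED, AUTH)

# Constructed sample metadata fragments; the claim URIs are placeholders.
RP_METADATA = """<fed:ClaimTypesRequested %s>
  <auth:ClaimType Uri="urn:example:claims/email" Optional="false"/>
  <auth:ClaimType Uri="urn:example:claims/role"/>
  <auth:ClaimType Uri="urn:example:claims/phone" Optional="true"/>
  <auth:ClaimType Uri="urn:example:claims/dept" Optional="true"/>
</fed:ClaimTypesRequested>""" % XMLNS
IDP_METADATA = """<fed:ClaimTypesOffered %s>
  <auth:ClaimType Uri="urn:example:claims/email"/>
  <auth:ClaimType Uri="urn:example:claims/phone"/>
  <auth:ClaimType Uri="urn:example:claims/group"/>
</fed:ClaimTypesOffered>""" % XMLNS

def claim_types(xml_text, container):
    """Return {claim URI: is_optional} for fed:<container>/auth:ClaimType."""
    # Real metadata must have its signature verified before it is trusted;
    # that step is outside this sketch.
    found = {}
    root = ET.fromstring(xml_text)
    for parent in root.iter("{%s}%s" % (FED, container)):
        for ct in parent.findall("{%s}ClaimType" % AUTH):
            uri = ct.get("Uri")
            if not uri:
                raise ValueError("auth:ClaimType without a Uri attribute")
            # Assumption: a missing Optional attribute means "required" (MUST).
            found[uri] = ct.get("Optional", "false").strip().lower() in ("true", "1")
    return found

def plan_issuance(requested_xml, offered_xml):
    """Split the relying party's requested claims by what the IdP can supply."""
    requested = claim_types(requested_xml, "ClaimTypesRequested")
    offered = set(claim_types(offered_xml, "ClaimTypesOffered"))
    required = {uri for uri, optional in requested.items() if not optional}
    return {
        # Only requested claims are issued; offered-but-unrequested ones are not.
        "issue": sorted(set(requested) & offered),
        "missing_required": sorted(required - offered),
        "missing_optional": sorted(set(requested) - required - offered),
    }

if __name__ == "__main__":
    print(plan_issuance(RP_METADATA, IDP_METADATA))
```

A non-empty missing_required list means a token from this identity provider cannot satisfy the service; the offered "group" claim is not issued because the service never requested it.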