[OASIS Issue Tracker] Updated: (IMI-37) Additional discussion ofproblems with enforcing Address checking

[OASIS Issues Tracker <workgroup_mailer@lists.oasis-open.org>]

     [ http://tools.oasis-open.org/issues/browse/IMI-37?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marc Goodner updated IMI-37:
----------------------------

    Fix Version/s: No Action
       Resolution: 
Consensus during 4/15 call was that the existing text mentions proxies and is sufficient to explain the problem.
http://lists.oasis-open.org/archives/imi/201004/msg00018.html

> Additional discussion of problems with enforcing Address checking
> -----------------------------------------------------------------
>
>                 Key: IMI-37
>                 URL: http://tools.oasis-open.org/issues/browse/IMI-37
>             Project: OASIS Identity Metasystem Interoperability (IMI) TC
>          Issue Type: Bug
>          Components: Spec
>    Affects Versions: SAML 2.0 Profile PR
>            Reporter: Scott Cantor
>            Priority: Minor
>             Fix For: No Action
>
>
> http://lists.oasis-open.org/archives/imi-comment/201004/msg00001.html
> Section 2.6.1 discusses the use of the Address attribute.
> "While moderately effective, this practice often proves impractical for services offered to large user populations, many of whom are likely to encounter proxies and network configurations that result in inability to satisfy the restriction"
> Just wanted to add as an observation that this is also impractical in situations where a selector relies on a cloud-based service for talking to the STS.
> E.g. the iPhone I-Card Selector works like that, therefore the IP address seen by the STS is always different from the IP of the selector.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira