
saml-dev message


Subject: Re: [saml-dev]

Thanks for writing this up. I have a few comments/suggestions embedded. Not sure
if all can access the doc, since I edited it in StarOffice. Here is
the text I have embedded:
As part of the original specification by Prateek, what comes as the SSO Assertion 
during SSO has an authentication statement and the attribute statement holding 
the MembershipLevel attribute. Since there is no separate attribute assertion 
coming down as part of the SSO, one would have to either:
1. Make an attribute query to the AA, and on receiving the attribute assertion, 
use that as Evidence when making the proposed Authz query. ( this does not make 
sense since the receiver of the SSO assertion already has the attribute 
2. Create an attribute assertion from the attribute statement received as part 
of the SSO Assertion and use that as Evidence. ( don't think this is SOAP binding 
though, someone please confirm)
3. Use the same SSO Assertion as received during the SSO, which also holds the 
attribute statement as the Evidence, but then this may have expired. We could 
keep the expiration range to be long enough so that the assertion is alive for 
the whole round trip demo.

If it's up to the vendor to use/not use the attribute assertion, what's the point of 
making it?

We need to refine this part to choose one of the 3 options or any other 
alternatives. I think option 3 is more viable.
Thoughts?



>Date: Wed, 08 May 2002 12:43:56 -0700
>From: Andy Fetterer <afetterer@crosslogix.com>
>Subject: [saml-dev]
>To: saml-dev@lists.oasis-open.org

Bhavna Bhatnagar                		Sun Microsystems Inc.		 
Identity Management group	 __o
Tel: 408-276-3591              _`\<,_	
                              (*)/ (*)

Attachment: InterOp Scenario Extensions-draft-01.doc
Description: InterOp Scenario Extensions-draft-01.doc
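
Added example, not part of the original message or the attached draft: a Python check for option 3 above, testing whether a SAML 1.0 SSO assertion will stay valid for the whole authorization query round trip before it is reused as Evidence. The sample assertion and its identifiers are constructed; the 30-second round-trip margin and the refusal of assertions that carry no expiry are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample SSO assertion (all identifiers and values are made up).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="constructed-id-1"
    Issuer="idp.example.org" IssueInstant="2002-05-08T19:40:00Z">
  <saml:Conditions NotBefore="2002-05-08T19:40:00Z"
      NotOnOrAfter="2002-05-08T19:50:00Z"/>
  <saml:AuthenticationStatement AuthenticationInstant="2002-05-08T19:40:00Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="MembershipLevel"
        AttributeNamespace="urn:example:interop">
      <saml:AttributeValue>Gold</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_instant(value):
    # SAML instants are UTC xsd:dateTime values; only the plain "Z" form is handled.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evidence_check(xml_text, now, round_trip=timedelta(seconds=30)):
    """Return (usable, reason, membership_levels) for reusing the assertion as Evidence.
    Signature and issuer checks are out of scope; use a hardened parser on untrusted XML."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    # Assumed policy: refuse Evidence that carries no explicit expiry.
    if cond is None or cond.get("NotOnOrAfter") is None:
        return False, "no validity window", []
    if cond.get("NotBefore") and now < parse_instant(cond.get("NotBefore")):
        return False, "not yet valid", []
    # The assertion must outlive the query round trip, not just be valid right now.
    if now + round_trip >= parse_instant(cond.get("NotOnOrAfter")):
        return False, "expires before the round trip completes", []
    levels = [v.text for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("AttributeName") == "MembershipLevel"
              for v in a.findall("saml:AttributeValue", NS)]
    if root.find("saml:AuthenticationStatement", NS) is None or not levels:
        return False, "missing authentication or MembershipLevel statement", []
    return True, "ok", levels
```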
