[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] question on AttributeQuery processing
> LDAP filter and and SQL where clause is what an IdP can use to resolve > attributes for a subject. They are implementation details, should they > drive applications interface? That isn't my point. You said "a filter can certainly do X" and I was pointing out two extremely common examples of filters that do not do X. In fact, I would say that I've never once seen anything called a "filter" behave the way you describe, so the idea simply never occurred to me, nor did anybody ever suggest it. > Do you consider this use pattern uncommon Well, I do, but it doesn't matter whether I do or not for the purposes of your question. The spec doesn't allow for it at the moment. > If the use pattern is worth considering, how could I redesing the query > to encompass the behaviour, that is, IdP is willing to return the > requested attribute with the requested value but don't want to hide > another value. If it's not worth considering, I stop bothering. Well, no, you cannot use a SAML query to do this. An extension element to specify alternate behavior would be an option, as long as it was optional to understand and process it. Otherwise you would have to define a different protocol message. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]