Re: =?UTF-8?B?UsOpZi4gOiBSZTogW3NhbWwtZGV2XSBSw6lmLiA6IFJFOiBbc2E=?==?UTF-8?B?bWwtZGV2XSBBdHRyaWJ1dGVRdWVyeSA6IHdoeSBTT0FQIGJpbmRpbmcgPw==?=

[Chad La Joie <chad.lajoie@switch.ch>]

Okay, so you have *no* upfront knowledge about what attributes will be
needed.  Would a model where the IdP releases, at authentication time,
all attributes that *might* be needed an acceptable solution?  I know a
lot of services work like this.

valerie.bauche@bull.net wrote:
> Ok I understand...
> In my typical use case I must have a second round trip ! Because when I 
> send the first AuthnRequest I don't know which attributes I need, I cant 
> ask for them at this moment. 
> The needed attributes will depend on what the user will do in the 
> ressource later in the process...
> I know it seems a bit strange but this is a client requirement and I just 
> try to find the best way to handle it !
> 
> Valérie BAUCHE
> Ingénieur en développement de solutions de sécurité
> Bull, Architect of an Open World TM
> Tél : 02 41 93 57 09
> http://www.bull.com
> 
> Bull recrute : http://www.bull.fr/emploi 
> 
> Ce message contient des informations confidentielles, couvertes par le 
> secret professionnel ou réservées exclusivement à leur destinataire. Toute 
> lecture, utilisation, diffusion ou divulgation sans autorisation expresse 
> est rigoureusement interdite.
> Si vous n'en êtes pas le destinataire, merci de prendre contact avec 
> l'expéditeur et de détruire ce message. 
> 
> This e-mail contains material that is confidential for the sole use of the 
> intended recipient. Any review, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited.
> If you are not the intended recipient, please contact the sender and 
> delete all copies. 

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch