Réf. : [saml-dev] Re: Réf. : Re: [saml-dev] Réf. : RE: [saml-dev] AttributeQuery : why SOAPbinding ?

[valerie.bauche@bull.net]

> Okay, so you have *no* upfront knowledge about what attributes will be
> needed.  Would a model where the IdP releases, at authentication time,
> all attributes that *might* be needed an acceptable solution?  I know a
> lot of services work like this.

This is the way I currently work... But this is not acceptable for this particular client who needs a very high security level.
When the SP needs a particular attribute, it asks the IDP and then the IDP MUST ask the user "Do you want to send this attribute to this particular SP".
So this process has to be very dynamic.

Valérie BAUCHE
Ingénieur en développement de solutions de sécurité
Bull, Architect of an Open World TM
Tél : 02 41 93 57 09
http://www.bull.com

Bull recrute : http://www.bull.fr/emploi 

Ce message contient des informations confidentielles, couvertes par le secret professionnel ou réservées exclusivement à leur destinataire. Toute lecture, utilisation, diffusion ou divulgation sans autorisation expresse est rigoureusement interdite.
Si vous n'en êtes pas le destinataire, merci de prendre contact avec l'expéditeur et de détruire ce message. 

This e-mail contains material that is confidential for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited.
If you are not the intended recipient, please contact the sender and delete all copies.