Subject: Front-channel AttributeQuery Profile
Hi,

I'm considering whether it is reasonable to make an Assertion/AttributeQuery profile that allows front-channel bindings...

I'd like to exploit the possibility of implicitly referring to the current user (as things are front-channel), and therefore I am a bit stuck because the AttributeQuery extends SubjectQueryAbstractType (if I remember correctly), where a Subject MUST be included.

In the use case I would like to solve, the SP and the AttributeAuthority do not share a common reference to the current user...

Would it be a good idea to omit the NameID, and use Subjectconf as sender-vouches or bearer...

Something like this? Better ideas appreciated...

    <AttributeQuery
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol saml-schema-protocol-2.0.xsd"
        xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_d7607d551380ac97853a6ff4907c4ef01219be97dd"
        Version="2.0"
        IssueInstant="2008-05-27T07:46:06Z">
      <saml:Issuer>http://rnd.feide.no/sp</saml:Issuer>
      <saml:Subject>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" />
      </saml:Subject>
      <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241" />
    </AttributeQuery>
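Added example, not part of the original post: Python that parses the query above and reports whether the Subject carries an identifier, which confirmation methods it declares, and which attributes are requested, so a receiver can tell when the subject is only implied. The function name `describe_subject` and the result keys are hypothetical; the sample is the posted query with `xsi:schemaLocation` dropped.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Identifier elements a SAML 2.0 <Subject> may carry.
ID_ELEMENTS = ("BaseID", "NameID", "EncryptedID")

# The query from the post (xsi:schemaLocation dropped for brevity).
SAMPLE_QUERY = """<AttributeQuery xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_d7607d551380ac97853a6ff4907c4ef01219be97dd" Version="2.0"
    IssueInstant="2008-05-27T07:46:06Z">
  <saml:Issuer>http://rnd.feide.no/sp</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation
        Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
  </saml:Subject>
  <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"/>
</AttributeQuery>"""


def describe_subject(xml_text):
    """Summarise how an AttributeQuery refers to its subject (hypothetical helper)."""
    # Python's documentation warns that the standard-library XML modules are
    # not secure against maliciously constructed data; it is used here so the
    # example runs offline. Signature validation is out of scope for this example.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AttributeQuery":
        raise ValueError("not a SAML 2.0 AttributeQuery")
    subject = root.find(f"{{{SAML}}}Subject")
    if subject is None:
        raise ValueError("AttributeQuery has no <Subject>")

    identifier = None
    for name in ID_ELEMENTS:
        el = subject.find(f"{{{SAML}}}{name}")
        if el is not None:
            identifier = (name, (el.text or "").strip())
            break

    confirmations = subject.findall(f"{{{SAML}}}SubjectConfirmation")
    return {
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "identifier": identifier,  # None: the subject is only implied
        "confirmation_methods": [c.get("Method") for c in confirmations],
        "attributes": [a.get("Name") for a in root.findall(f"{{{SAML}}}Attribute")],
    }
```

For the posted query, `identifier` is `None`, so a receiver has to decide explicitly where the subject comes from before releasing any attributes.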