
saml-dev message


Subject: Re: [saml-dev] Front-channel AttributeQuery Profile


I am curious why you are using the front-channel approach - via the 
browser - is it to explicitly get the user's consent?

> Hi, I'm considering whether it is reasonable to make an 
> Assertion/AttributeQuery profile that allows front-channel bindings...
> I'd like to exploit the possibility of implicitly referring to the 
> current user (as things are front-channel), and therefore I am a bit 
> stuck because the AttributeQuery extends SubjectQueryAbstractType 
> (if I remember correctly), where a Subject MUST be included. In the use 
> case I would like to solve, the SP and the AttributeAuthority do not 
> share a common reference to the current user...
> Would it be a good idea to omit the NameID, and use Subjectconf as 
> sender-vouches or bearer... Something like this? Better ideas 
> appreciated....
> <AttributeQuery xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol 
> saml-schema-protocol-2.0.xsd"
>  xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
>  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>  ID="_d7607d551380ac97853a6ff4907c4ef01219be97dd"
>  Version="2.0"
>  IssueInstant="2008-05-27T07:46:06Z">
>     <saml:Issuer>http://rnd.feide.no/sp</saml:Issuer>
>     <saml:Subject>
>         <saml:SubjectConfirmation 
> Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" />
>     </saml:Subject>
>     <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241" />
> </AttributeQuery>
