OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AllowCreate in NameIDPolicy element


I'm trying to understand the AllowCreate attribute of a
samlp:NameIDPolicy element. SAMLcore states 'When "false", the requester
constrains the identity provider to only issue an assertion to it if an
acceptable identifier for the principal has already been established.'

On an operational level, does this mean that computed or transient
NameIDs cannot be used unless AllowCreate is true?

On the policy level, why should an SP care?

Thanks for any insight,

Alex Stuart
Team Leader - Federated Access Management
EDINA, University of Edinburgh

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]