OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [security-services] FW: Attribute Authority info in Authentication Assertion proposal (f2f #5 action item)


Title: RE: [security-services] FW: Attribute Authority info in Authentication Assertion proposal (f2f #5 action item)

I agree with Scott, that 'any' semantics is simplier.

Simon

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Tuesday, December 18, 2001 11:01 AM
To: 'Simon Godik'; security-services@lists.oasis-open.org
Subject: RE: [security-services] FW: Attribute Authority info in
Authentication Assertion proposal (f2f #5 action item)


>All authorities pointed to by the AuthorityBinding list must be queried
by
>the relying party.

FWIW, Shibboleth is currently defining simpler semantics of equivalence
that tell the relying party to query any of them rather than all of
them. This sidesteps more complex questions about conflicting attribute
responses.

For myself, I favor Simon's proposal, modified in this fashion, as a
starting point toward a more dynamically interoperable model. I
understand the provisioning argument, but I don't see why passing
information dynamically isn't preferable to not, even if it doesn't get
you all the way there. This doesn't seem like a kitchen sink thing to
me.

We can use Advice, I just don't think it's as good a solution.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC