Subject: RE: [security-services] Forwarding thread on "previously established an identifier usable by the requester"?
> I should have linked to this message from Brian Campbell as
> part of the April 5 agenda. We can discuss this thread under
> errata or as an independent item during the call.
>
> http://lists.oasis-open.org/archives/saml-dev/200503/msg00000.html

Synthesizing a few potentially concrete things from that thread (not to disparage my long-winded and mostly unsatisfactory responses that people will so enjoy):

- we might want to strengthen the proviso in the NIM protocol about transient identifiers not "generally" being used with it

- we definitely should clarify whether the SPProvidedID feature in NIM attaches the alias to "this principal" (the current text) or "this NameID" (my intent, not precluding or requiring the IdP from attaching it to other applicable NameIDs for the same principal)

- reaffirming that AllowCreate false was definitely not intended to preclude use of pre-provisioned identifiers as in many current use cases

- whether persistent in and of itself assumes dynamic creation during SSO (I think we're agreed it doesn't)

- whether persistent attribute-based identifiers introduce a loophole sufficient to render using AllowCreate pointless anyway

-- Scott