OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] XPath Attribute Profile

> Not what I was thinking of.  I was saying that the IdP could
> return *inside of the AuthnResponse Assertion* (or the
> dereferenced response using the artificat profile) the
> attributes that it wants to include with such a response.

That's what the existing metadata and the AttributeConsumingServiceIndex
attribute is used to describe, so it is exactly what you were thinking of.
It's not mandatory of course, an IdP can do whatever it wants for whatever
reasons it wants.

> I was not trying to create an "Attribute Consuming service"
> endpoint in the metadata (does one exist now?)

Not an endpoint, but an aspect of defining SSO services, yes. Most of us
were doing attribute sharing already and we wanted to create some
interoperability in the use of that during SSO.

Consider it an aspect of Shibboleth's contribution if you will, although I
hardly believe we were unique.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]