[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] NameID and the use of SPProvidedID
> I concur with Tom's interpretation as well. Once an SP uses > an MNI to establish an SPProvidedID, then BOTH parties must > always send it. It is not just something that the IDP has to > send back. I really don't feel strongly about the issue, but I agree with Tom that reading the spec, it isn't very ambiguous to me either. The whole point of the attribute was for the SP's benefit, not the IdP's, so I don't really see any scenario in which the IdP would ever need or want to check for it or notice it (I would actively avoid such as an implementer myself). So that was really my whole point...it confused me a little that somebody would even notice it save for something that was acting as a test against that MUST in the spec. That fact in and of itself raised red flags with me, because I think it reflects a misunderstanding of the attribute's underlying purpose. That said, I agree at a spec level, it's a MUST. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]