OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] NameID and the use of SPProvidedID


> I concur with Tom's interpretation as well.  Once an SP uses 
> an MNI to establish an SPProvidedID, then BOTH parties must 
> always send it.  It is not just something that the IDP has to 
> send back.

I really don't feel strongly about the issue, but I agree with Tom that
reading the spec, it isn't very ambiguous to me either.

The whole point of the attribute was for the SP's benefit, not the IdP's, so
I don't really see any scenario in which the IdP would ever need or want to
check for it or notice it (I would actively avoid such as an implementer
myself).

So that was really my whole point...it confused me a little that somebody
would even notice it save for something that was acting as a test against
that MUST in the spec. That fact in and of itself raised red flags with me,
because I think it reflects a misunderstanding of the attribute's underlying
purpose.

That said, I agree at a spec level, it's a MUST.

-- Scott
