Re: [security-services] Proposal: Query Extension for SAML AuthnReq

["Tom Scavo" <trscavo@gmail.com>]

Hi Sampo,

I've only skimmed your proposal so please forgive me if I've
overlooked something.

Of course something like this is needed, no question about that.  You
mention the relation to <AttributeConsumingService> at the outset, but
then you neglect to use <RequestedAttribute> in any of your proposed
solutions.  Why not carry <RequestedAttribute> elements in the authn
request (in some way), with exactly the same semantics as in metadata?

The other thing I'll comment on is the proposed use of
Attribute/AttributeValue to convey non-attribute information to the
IdP.  This too diverges from current usage, and I would suggest we
find some other way to carry this information.

Cheers,

Tom Scavo
NCSA

On Tue, Apr 22, 2008 at 10:18 AM,  <sampo@symlabs.com> wrote:
> Please find attached a contribution for a problem that SSTC should solve.
>
>  Proposal to pass more useful information in the AuthnRequest
>  as required by real world deployment profiles.
>
>  Cheers,
>  --Sampo
> ---------------------------------------------------------------------
>  To unsubscribe from this mail list, you must leave the OASIS TC that
>  generates this mail.  You may a link to this group and all your TCs in OASIS
>  at:
>  https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>