OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Proposal: Query Extension for SAML AuthnReq

Hi Sampo,

I've only skimmed your proposal so please forgive me if I've
overlooked something.

Of course something like this is needed, no question about that.  You
mention the relation to <AttributeConsumingService> at the outset, but
then you neglect to use <RequestedAttribute> in any of your proposed
solutions.  Why not carry <RequestedAttribute> elements in the authn
request (in some way), with exactly the same semantics as in metadata?

The other thing I'll comment on is the proposed use of
Attribute/AttributeValue to convey non-attribute information to the
IdP.  This too diverges from current usage, and I would suggest we
find some other way to carry this information.


Tom Scavo

On Tue, Apr 22, 2008 at 10:18 AM,  <sampo@symlabs.com> wrote:
> Please find attached a contribution for a problem that SSTC should solve.
>  Proposal to pass more useful information in the AuthnRequest
>  as required by real world deployment profiles.
>  Cheers,
>  --Sampo
> ---------------------------------------------------------------------
>  To unsubscribe from this mail list, you must leave the OASIS TC that
>  generates this mail.  You may a link to this group and all your TCs in OASIS
>  at:
>  https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]