OASIS Mailing List Archives

security-services message



Subject: [security-services] Proposed Enhancement for Dynamic Attribute Queries


Another approach was defined by STORK in the extension element <stork:RequestedAttribute> to the AuthnRequest that could use the existing message type. (see Document D5.8.2b section 6.1.4.8.1). 

What would be the benefit of a new message type? Wouldn't an extension of AuthnRequest be less invasive for existing IdPs?

Regards,
Rainer


On 22.03.2012 at 00:56, David Chadwick wrote:

Dear All

Over the years there have been several attempts at standardising an approach that combines the dynamic attribute query capabilities of the attribute request message with an authentication request, to allow SPs to dynamically request different sets of attributes along with an authentication assertion, in one combined message.

The attached is our latest attempt at this. It allows the SP to send its attribute request as a policy in either DNF or CNF. E.g. The SP might say "send me a visa attribute or an AMEX attribute or a Mastercard attribute" or "send me a credit card attribute or university faculty attribute" or "send me (surname, given name or family name) and postal address and optionally (home telephone number or mobile number or work number)"

We submit it to the group for your consideration.

regards

David

--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
<SAML 2DynAttRq.pdf>
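
The following is an added example, not part of this thread or of the attached proposal: a sketch of how an IdP could evaluate an SP's attribute request expressed in CNF or DNF and release only what the policy needs. The `Clause` data model, the attribute names, the grouping of the name attributes as alternatives, and the choice to release one attribute per clause are all assumptions made for illustration; the proposal's actual syntax is in the attachment.

```python
"""Added illustration: IdP-side evaluation of an SP attribute request policy.
The data model and names are hypothetical, not the syntax of the proposal."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Clause:
    alternatives: tuple      # attribute names; any one satisfies the clause
    optional: bool = False   # an unmet optional clause never causes a refusal


def release_for_cnf(policy, held):
    """CNF: every required clause needs one attribute the user holds.
    Returns the set to release (one per clause), or None to refuse."""
    release = set()
    for clause in policy:
        match = next((a for a in clause.alternatives if a in held), None)
        if match is None:
            if clause.optional:
                continue
            return None      # required clause unsatisfiable: release nothing
        release.add(match)   # first listed alternative only, not all held ones
    return release


def release_for_dnf(policy, held):
    """DNF: a list of conjunctions; release the first one that is fully held."""
    for conjunction in policy:
        if all(a in held for a in conjunction):
            return set(conjunction)
    return None


# Constructed sample policies modelled on the examples in the message.
CNF_POLICY = [
    Clause(("surname", "givenName", "familyName")),
    Clause(("postalAddress",)),
    Clause(("homePhone", "mobile", "workPhone"), optional=True),
]
DNF_POLICY = [("visa",), ("amex",), ("mastercard",)]

if __name__ == "__main__":
    held = {"surname", "givenName", "postalAddress", "mobile", "amex"}
    print(sorted(release_for_cnf(CNF_POLICY, held)))
    print(sorted(release_for_dnf(DNF_POLICY, held)))
```
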