OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [security-services] Proposed Enhancement for Dynamic Attribute Queries

Another approach was defined by STORK in the extension element <stork:RequestedAttribute> to the AuthnRequest that could use the existing message type. (see Document D5.8.2b section 

What would be the benefit of a new message type? Wouldn't an extension of AuthnRequest be less invasive for existing IdPs?


Am 22.03.2012 um 00:56 schrieb David Chadwick:

Dear All

Over the years there have been several attempts at standardising an approach that combines the dynamic attribute query capabilities of the attribute request message with an authentication request, to allow SPs to dynamically request different sets of attributes along with an authentication assertion, in one combined message.

The attached is our latest attempt at this. It allows the SP to send its attribute request as a policy in either DNF or CNF. E.g. The SP might say "send me a visa attribute or an AMEX attribute or a Mastercard attribute" or "send me a credit card attribute or university faculty attribute" or "send me (surname, given name or family name) and postal address and optionally (home telephone number or mobile number or work number)"

We submit it to the group for your consideration.




David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

<SAML 2DynAttRq.pdf>
To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: security-services-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]