Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
That would apply to both approaches, a new <AuthnAttributeRequest> message or attribute negotiation in the <AuthnRequest>. I understand that you challenge the use case for dynamic attribute requests at all?

- Rainer

On 26.03.2012 at 14:52, Leif Johansson wrote:

> On 03/26/2012 02:21 PM, Rainer Hoerbe wrote:
>> Another approach was defined by STORK in the extension element
>> <stork:RequestedAttribute> to the AuthnRequest that could use the
>> existing message type. (see Document D5.8.2b
>> <https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1387>
>> section 6.1.4.8.1).
>>
>> What would be the benefit of a new message type? Wouldn't an
>> extension of AuthnRequest be less invasive for existing IdPs?
>>
>
> That makes attribute requirements something the IdP has to deal
> with for each transaction. I think that approach is bound to fail
> especially since attribute requirements are usually something you
> have to negotiate between the SP, IdP and the federation operator.
>
> This isn't something that can change so often as to warrant an
> in-protocol flow.
>
> Cheers Leif