security-services message



Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries


That would apply to both approaches, a new <AuthnAttributeRequest> message or attribute negotiation in the <AuthnRequest>. I understand that you challenge the use case for dynamic attribute requests at all?

- Rainer

On 26.03.2012 at 14:52, Leif Johansson wrote:

> On 03/26/2012 02:21 PM, Rainer Hoerbe wrote:
>> Another approach was defined by STORK in the extension element 
>> <stork:RequestedAttribute> to the AuthnRequest that could use the 
>> existing message type. (see Document D5.8.2b 
>> <https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1387>
>> section 6.1.4.8.1).
>> 
>> What would be the benefit of a new message type? Wouldn't an
>> extension of AuthnRequest be less invasive for existing IdPs?
>> 
> 
> That makes attribute requirements something the IdP has to deal
> with for each transaction. I think that approach is bound to fail
> especially since attribute requirements are usually something you
> have to negotiate between the SP, IdP and the federation operator.
> 
> This isn't something that can change so often as to warrant an
> in-protocol flow.
> 
> 	Cheers Leif


