
security-services message



Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries


Hi Rainer

We don't really mind whether it is a new message type or an extension to the existing AuthnRequest. Whichever people prefer.

regards

David

On 26/03/2012 13:21, Rainer Hoerbe wrote:
Another approach was defined by STORK in the extension element
<stork:RequestedAttribute> to the AuthnRequest that could use the
existing message type. (see Document D5.8.2b
<https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1387>
section 6.1.4.8.1).

What would be the benefit of a new message type? Wouldn't an extension
of AuthnRequest be less invasive for existing IdPs?

Regards,
Rainer


On 22.03.2012 at 00:56, David Chadwick wrote:

Dear All

Over the years there have been several attempts at standardising an
approach that combines the dynamic attribute query capabilities of the
attribute request message with an authentication request, to allow SPs
to dynamically request different sets of attributes along with an
authentication assertion, in one combined message.

The attached is our latest attempt at this. It allows the SP to send
its attribute request as a policy in either DNF or CNF. E.g. The SP
might say "send me a visa attribute or an AMEX attribute or a
Mastercard attribute" or "send me a credit card attribute or
university faculty attribute" or "send me (surname, given name or
family name) and postal address and optionally (home telephone number
or mobile number or work number)"

We submit it to the group for your consideration.

regards

David

--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
<SAML 2DynAttRq.pdf>



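An added illustration, not part of the thread or of the attached proposal: one way an IdP could evaluate a CNF attribute request like the examples in David Chadwick's original message. The `Clause` structure, the attribute names, and the release rules (one attribute per OR-group, nothing released if a required group is unmet) are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Clause:
    """One OR-group of a CNF attribute policy (hypothetical structure)."""
    alternatives: tuple      # attribute names, in the SP's order of preference
    optional: bool = False   # True for "optionally (...)" groups


def select_release(policy, held):
    """Return the attributes to release for a CNF policy, or None if unmet.

    policy: list of Clause, all joined by AND.
    held:   dict of attribute name -> value the IdP holds for the user.
    At most one attribute is released per clause, so the SP never
    receives more than the policy asks for.
    """
    release = {}
    for clause in policy:
        match = next((a for a in clause.alternatives if a in held), None)
        if match is not None:
            release[match] = held[match]
        elif not clause.optional:
            return None  # a required clause cannot be met: release nothing
    return release


# Constructed sample data; names and values are illustrative only.
CARD_POLICY = [Clause(("visa", "amex", "mastercard"))]
CONTACT_POLICY = [
    Clause(("surname", "givenName", "familyName")),
    Clause(("postalAddress",)),
    Clause(("homePhone", "mobile", "workPhone"), optional=True),
]
USER = {"givenName": "Alice", "postalAddress": "1 Example St",
        "mobile": "+00 0000 000000", "workPhone": "+00 0000 000001",
        "amex": "tok-amex-1"}

if __name__ == "__main__":
    print(select_release(CARD_POLICY, USER))
    print(select_release(CONTACT_POLICY, USER))
    print(select_release(CONTACT_POLICY, {"givenName": "Alice"}))
```

A DNF request such as "visa or AMEX or Mastercard" is the single-clause case here; the third call shows a required group (postal address) failing, which withholds every attribute.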

