
security-services message


Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries

Hi Leif

On 26/03/2012 13:52, Leif Johansson wrote:

> On 03/26/2012 02:21 PM, Rainer Hoerbe wrote:
>> Another approach was defined by STORK in the extension element
>> <stork:RequestedAttribute> to the AuthnRequest that could use the
>> existing message type. (see Document D5.8.2b
>>
>> What would be the benefit of a new message type? Wouldn't an
>> extension of AuthnRequest be less invasive for existing IdPs?
>
> That makes attribute requirements something the IdP has to deal
> with for each transaction. I think that approach is bound to fail
> especially since attribute requirements is usually something you
> have to negotiate between the SP, IdP and the federation operator
>
> This isn't something that can change so often as to warrant an
> in-protocol flow.

So why is the feature in the attribute request message? And has been there from v1 of SAML?

If you have a model of an all-attribute-providing IdP, and an SP that offers multiple services with different authz requirements, then you need a feature such as this.


> Cheers Leif



David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

