OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries


On 03/28/2012 11:08 AM, David Chadwick wrote:
> Hi Leif
>>>> If you have a model of an all attribute providing IDP, and an
>>>> SP that offers multiple services with different authz
>>>> requirements, then you need a feature such as this
>> No. You need a feature like this if you need to support _dynamic_
>> authz requirements. Supporting authz at all is sufficiently
>> difficult for SPs.
> the meta data approach is problematical for at least two reasons
> i) you get a combinatorial explosion of alternatives if each has to
> be separately statically specified in the metadata
> ii) at least one well known implementation (SimpleSAMLPHP) only
> supports the first metadata entry regardless of how many are
> actually present in the metadata.

I'm not sure the current way to support this in metadata is good - the
notion of an "entity category" that is being discussed in REFEDS is
probably better.

Also, if you need Andreas to do stuff, why not just ask him :-)

	Cheers Leif
