OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/28/2012 11:31 AM, David Chadwick wrote:
> Hi Scott
> 
>> 
>> What I do think is that whatever extension were to be adoped for
>> an AuthnRequest should also be defined as usable in metadata as
>> a replacement for AttributeConsumingService.
>> 
> 
> As privacy becomes more important, then the IDP may not know which
> SP the attributes are eventually destined for, in which case it
> will not have the meta data to consult. How would you propose to
> handle this case

By exposing each service as a separate SP. I understand virtualization
would happen but keeping metadata granular to the level of services is
easy and already being done by vendors.

	Cheers Leif

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9y24EACgkQ8Jx8FtbMZneB1ACgp+hMLjMyGWKuzvIglbaEAkCR
8V8AoMUPQ8dylcwOZGJvkwmv+FPXX+P0
=jGmh
-----END PGP SIGNATURE-----


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]