OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposed Enhancement for Dynamic Attribute Queries

> > i) you get a combinatorial explosion of alternatives if each has to
> > be separately statically specified in the metadata

You get the same explosion with any mechanism I know of to generate the AuthnRequest from configuration.
> > ii) at least one well known implementation (SimpleSAMLPHP) only
> > supports the first metadata entry regardless of how many are
> > actually present in the metadata.

It won't support anything you propose either, so I don't see the relevance. Non-support is always going to be a fact of life, and in general nothing that isn't part of the original standard (and metadata was an optional, misunderstood piece) is likely to be broadly adoptable unless you constrain the implementation choices.

One of the questions I'm asked a lot is, why bother implementing lots of new stuff in Shibboleth when nothing else will ever support it? The answer is, I work on the project as a local SSO system first and foremost, not as a federation technology. Some people think its overkill for that, and some people don't. I work for the ones that don't.
-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]