OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposed Enhancement for Dynamic Attribute Queries

> As privacy becomes more important, then the IDP may not know which SP
> the attributes are eventually destined for, in which case it will not
> have the meta data to consult. How would you propose to handle this case

Probably with an extension to the request message. ;-)

For now, I'm waiting for evidence that we have clients and IdPs likely to support such a use case. Today we do not have that evidence, and adding this feature is a small part of what will be involved in creating new profiles to support that use case, so it isn't on my radar. For example, it won't be a bearer token flow at all, so you're talking holder of key at minimum.

The last attempt to pull that use case off was IMI, and so the assumption was that adding it to SAML wasn't the way to go. Then IMI died, but that didn't mean it suddenly because a SAML problem. It was just evidence to me that nobody was ready to look at the use case.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]