OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries


Hi Leif

If I understand you correctly, you propose to invent a set of virtual SPs according to the different combinations of attributes that could be requested by any SP, and then when an actual SP wants a particular set of attributes, the SAML message that is sent tells the IDP that it is from the virtual SP corresponding to the set of attributes that are required. Is that correct? If so, it sounds like a rather convoluted hack.

regards

David


On 28/03/2012 10:36, Leif Johansson wrote:

On 03/28/2012 11:31 AM, David Chadwick wrote:
Hi Scott


What I do think is that whatever extension were to be adopted for
an AuthnRequest should also be defined as usable in metadata as
a replacement for AttributeConsumingService.


As privacy becomes more important, then the IDP may not know which
SP the attributes are eventually destined for, in which case it
will not have the meta data to consult. How would you propose to
handle this case?

By exposing each service as a separate SP. I understand virtualization
would happen but keeping metadata granular to the level of services is
easy and already being done by vendors.

	Cheers Leif





--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

