Subject: Re: [security-services] Proposed Enhancement for Dynamic Attribute Queries
Hi Leif

If I understand you correctly, you propose to invent a set of virtual SPs according to the different combinations of attributes that could be requested by any SP, and then when an actual SP wants a particular set of attributes, the SAML message that is sent tells the IDP that it is from the virtual SP corresponding to the set of attributes that are required. Is that correct? If so, it sounds like a rather convoluted hack.

regards

David

On 28/03/2012 10:36, Leif Johansson wrote:
> On 03/28/2012 11:31 AM, David Chadwick wrote:
> > Hi Scott
> >
> > > What I do think is that whatever extension were to be adopted for an AuthnRequest should also be defined as usable in metadata as a replacement for AttributeConsumingService.
> >
> > As privacy becomes more important, then the IDP may not know which SP the attributes are eventually destined for, in which case it will not have the meta data to consult. How would you propose to handle this case?
>
> By exposing each service as a separate SP. I understand virtualization would happen but keeping metadata granular to the level of services is easy and already being done by vendors.
>
> Cheers Leif
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
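
The per-service SP metadata discussed in this thread, as an added example that is not part of the original messages: an IdP-side lookup that maps the AuthnRequest issuer to the attributes its AttributeConsumingService requests, and releases nothing when it has no metadata for the issuer. The entityIDs, the metadata document and the function names are constructed for illustration, and the sketch assumes one AttributeConsumingService per SP.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"           # eduPersonPrincipalName
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"          # mail
DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"  # displayName

# Constructed metadata, trimmed to the elements used here: one EntityDescriptor
# per service, each with its own AttributeConsumingService. A real IdP would
# verify the metadata signature before trusting any of it.
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
 <md:EntityDescriptor entityID="https://wiki.sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AttributeConsumingService index="0">
    <md:RequestedAttribute Name="{EPPN}" isRequired="true"/>
   </md:AttributeConsumingService>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://library.sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AttributeConsumingService index="0">
    <md:RequestedAttribute Name="{MAIL}" isRequired="true"/>
    <md:RequestedAttribute Name="{DISPLAY_NAME}"/>
   </md:AttributeConsumingService>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

PATH = "md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute"

def load_requested_attributes(metadata_xml):
    """Map each SP entityID to {attribute Name: isRequired}."""
    table = {}
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        table[entity.get("entityID")] = {
            ra.get("Name"): ra.get("isRequired", "false") in ("true", "1")
            for ra in entity.findall(PATH, {"md": MD})
        }
    return table

def attributes_to_release(table, issuer, available):
    """Release only what the issuer's metadata requests; no metadata, no release."""
    if issuer not in table:
        raise LookupError(f"no metadata for issuer {issuer!r}")
    wanted = table[issuer]
    missing = [name for name, required in wanted.items() if required and name not in available]
    if missing:
        raise ValueError(f"required attributes unavailable: {missing}")
    return {name: available[name] for name in wanted if name in available}
```

The `LookupError` branch is the case raised in the thread where the IdP has no metadata for the eventual recipient: with metadata-only policy there is nothing to consult, so the lookup fails closed.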