OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Shibboleth and credential negotiation


>> What is likely is that we will have "canned" sets of
>> well-known attributes.  And that we'll have a means
>> of extensibility.
> If applied to A2ML that would be in the form of a "Shibboleth partner"
XML schema definition?

I don't know. We have yet to get to that level of detail.
We do expect to use A2ML (or is it SAML?) where we can (and
get inspiration from other work).  We are definitely not
suffering from NIH!

>> We are arguing whether or not there is the possibility
>> of a target site "asking" for what it wants.  The two
>> extremes cases are: (1) the target always asks for what it
>> wants from an attribute authority; (2)the set of attributes
>> to be sent is pre-configured (at the source) on a "per site"
>> basis and no asking is needed or permitted.
>I don't consider this as two extremes, I would rather characterize this
>as the *only* two possibilities, where (2) represent the current
>A2ML solution.  If there really is a *third* option what would that
>look like?

A third possibility is that a pre-configured set of attributes
get sent to the target, but the target gets to ask for others.

Marlena Erdos

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC