mace-opensaml-users - Re: SAML for Provisioning
Subject: OpenSAML user discussion
List archive
- From: Mark Allen Earnest <>
- To: Scott Cantor <>
- Cc: "'Tom Scavo'" <>, "'Prasad'" <>,
- Subject: Re: SAML for Provisioning
- Date: Thu, 29 Sep 2005 17:30:09 -0400
- Organization: The Pennsylvania State University
Scott Cantor wrote:
>>Prasad, can you explain a bit more what you mean by "user
>>provisioning"? Surely, a SAML service provider might create a user
>>account on the basis of a (strong) SAML assertion returned from a
>>(trusted) SAML identity provider, but that seems to defeat the purpose
>>of a SAML browser profile altogether.
>
> Why? That's probably a good summation of a majority of the actual
> deployments out there, except that they probably don't create the account at
> the time of login, it's in advance.
>
> In the sense that you can dynamically provision based on attributes/claims,
> that's certainly an obvious use of SAML to do "provisioning".
This is exactly what webassign does with Shib, they build their local
account db dynamically as saml assertions come in.
--
Mark Allen Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University
KB3LYB
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- SAML for Provisioning, Prasad, 09/29/2005
- Re: SAML for Provisioning, Tom Scavo, 09/29/2005
- RE: SAML for Provisioning, Scott Cantor, 09/29/2005
- Re: SAML for Provisioning, Mark Allen Earnest, 09/29/2005
- RE: SAML for Provisioning, Scott Cantor, 09/29/2005
- Re: SAML for Provisioning, RL 'Bob' Morgan, 09/29/2005
- Re: SAML for Provisioning, Prasad, 09/29/2005
- <Possible follow-up(s)>
- Re: SAML for Provisioning, Chad La Joie, 09/29/2005
- Re: SAML for Provisioning, Prasad, 09/29/2005
- Re: SAML for Provisioning, Tom Scavo, 09/29/2005
Archive powered by MHonArc 2.6.16.