shibboleth-dev - RE: Attributes, and Shibboleth -- the EPPN swamp
Subject: Shibboleth Developers
List archive
- From: "Paul B. Hill" <>
- To: "Scott Cantor" <>, "'David L. Wasley'" <>, "'Shibboleth Project'" <>, <>, <>
- Subject: RE: Attributes, and Shibboleth -- the EPPN swamp
- Date: Wed, 23 Jan 2002 11:58:16 -0500
- Importance: Normal
Hi,
I had originally suggested the EPPN to handle a couple of situations.
One, so that it could be used as a SASL Authorization identifier (the SASL
spec and most other specs that are using SASL today tend to skip over the
naming issue when talking about this identifier.)
Two, not all domains have a single namespace. Some sites may still be using
local password files, so the RHS may actually specify an individual machine.
E.g.
might not be the same as
.
In
this case if the "unique identifier" was created by the receiving
application server it is difficult to determine what the behavior should
actually be. (Is the receiver going to know that the fully qualified machine
name should be on the RHS or will it just used to DNS domain name?)
Three, I felt that the RHS should be specified by the originator, nopt the
application server, so that the identifier could travel through one or more
servers without getting mangled. By servers in this context I am including
proxy servers, n-tier systems, relay servers, fanout systems, etc.
Paul
-----Original Message-----
From:
[mailto:]On
Behalf Of Scott Cantor
Sent: Wednesday, January 23, 2002 1:57 AM
To: 'David L. Wasley'; 'Shibboleth Project';
;
Subject: RE: Attributes, and Shibboleth -- the EPPN swamp
> Furthermore, an EPPN from one domain can not be assumed to be unique
> across all such domains, i.e. it is not globally unique. Therefore,
> as an application or resource manager, I would always make the
> association
>
> unique_user_identifier = concatenation (EPPN, <asserting domain> )
Maybe I'm wrong, but I understood the intent to be that EPPN was
universally (more or less) unique?
In other words, I thought EPPN alone was supposed to be unique without
appending anything else to it. Otherwise, why have the right-hand side?
-- Scott
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- Attributes, and Shibboleth -- the EPPN swamp, Steven_Carmody, 01/18/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Scott Cantor, 01/19/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, David L. Wasley, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Scott Cantor, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Paul B. Hill, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Steven_Carmody, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Paul B. Hill, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, David L. Wasley, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, RL 'Bob' Morgan, 01/24/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, RL 'Bob' Morgan, 01/25/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Scott Cantor, 01/25/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, RL 'Bob' Morgan, 01/25/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, RL 'Bob' Morgan, 01/24/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, David L. Wasley, 01/25/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, RL 'Bob' Morgan, 01/28/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Steven_Carmody, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Paul B. Hill, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Scott Cantor, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, David L. Wasley, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Steven_Carmody, 01/23/2002
- RE: Attributes, and Shibboleth -- the EPPN swamp, Scott Cantor, 01/19/2002
Archive powered by MHonArc 2.6.16.