Shibboleth Developers

["David L. Wasley" <>]

The intent, perhaps, but as a resource manager I'd still do the 
concatenation if I was going to rely on uniqueness.  That way I don't 
have to rely on - or constrain - the semantics of the EPPN for any 
domain.

        David
-----
At 1:56 AM -0500 on 1/23/02, Scott Cantor wrote:

>  > Furthermore, an EPPN from one domain can not be assumed to be unique
> >  across all such domains, i.e. it is not globally unique.  Therefore,
> >  as an application or resource manager, I would always make the
> >  association
> >
> >     unique_user_identifier = concatenation (EPPN, <asserting domain> )
>
> Maybe I'm wrong, but I understood the intent to be that EPPN was
> universally (more or less) unique?
>
> In other words, I thought EPPN alone was supposed to be unique without
> appending anything else to it. Otherwise, why have the right-hand side?
>
> -- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--