shibboleth-dev - SAML subject formats and privacy
Subject: Shibboleth Developers
List archive
- From: Scott Cantor <>
- To: 'Shib Design Team' <>
- Subject: SAML subject formats and privacy
- Date: Fri, 11 Jul 2003 20:03:05 -0400
- Importance: Normal
- Organization: The Ohio State University
I just checked in a small set of origin changes to address a little issue
that I meant to fix a while back, but the GRID discussions prodded me.
I widened some of the APIs to support use of the standard SAML
NameIdentifier Format URIs for people that want to use the HS/AA as a
pure-SAML Authn/Attr Authority pair.
I also added an "identity" handle repository to allow for principal names to
be used as handles for deployments that don't want privacy, and a config
property for specifying the Format URI. So people that just want to use
Kerberos IDs or X.500 DNs as handles can do that now.
I wouldn't expect anybody to use it right now, but it should be an option.
We *might* be able to interop with a commercial SAML implementation with
this change, though I don't think many of them use the POST profile.
-- Scott
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- SAML subject formats and privacy, Scott Cantor, 07/11/2003
Archive powered by MHonArc 2.6.16.