
shibboleth-dev - Re: Shibboleth Service Provider Security Advisory [14 December 2004]

Subject: Shibboleth Developers

  • From: "Oleksandr Otenko" <>
  • To: Tom Scavo <>
  • Cc: Scott Cantor <>,
  • Subject: Re: Shibboleth Service Provider Security Advisory [14 December 2004]
  • Date: Wed, 15 Dec 2004 16:14:42 +0000

Tom Scavo wrote:

> On Wed, 15 Dec 2004 09:59:50 -0500, Scott Cantor <> wrote:
>
>> In retrospect, it was probably a mistake to try and use an XML syntax to
>> separate the scope from the value...
>
> Actually, I think you did the right thing separating the scope from
> the value, otherwise how would you list the permissible values of
> eduPersonScopedAffiliation (for instance) in metadata?

well... on the contrary (or in addition to that?), I would prefer a consistent interpretation of "@whatever" of the attribute values. It appears that both scoped and unscoped attributes look the same after they've been accepted, but the meaning of "@whatever" is different. (Hence the mentioned problem with scope spoofing)


Sassa

> Tom



