shibboleth-dev - Re: Shibboleth Service Provider Security Advisory [14 December 2004]
Subject: Shibboleth Developers
List archive
- From: "Oleksandr Otenko" <>
- To: Tom Scavo <>
- Cc: Scott Cantor <>,
- Subject: Re: Shibboleth Service Provider Security Advisory [14 December 2004]
- Date: Wed, 15 Dec 2004 16:14:42 +0000
Tom Scavo wrote:
On Wed, 15 Dec 2004 09:59:50 -0500, Scott Cantor
<>
wrote:
In retrospect, it was probably a mistake to try and use an XML syntax to
separate the scope from the value...
Actually, I think you did the right thing separating the scope from
the value, otherwise how would you list the permissible values of
eduPersonScopedAffiliation (for instance) in metadata?
well... on the contrary (or in addition to that?), I would prefer a consistent interpretation of "@whatever" of the attribute values. It appears that both scoped and unscoped attributes look the same after they've been accepted, but the meaning of "@whatever" is different. (Hence the mentioned problem with scope spoofing)
Sassa
Tom
- Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/14/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/15/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Tom Scavo, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/15/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/15/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/16/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Tom Scavo, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/15/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- RE: Shibboleth Service Provider Security Advisory [14 December 2004], Scott Cantor, 12/15/2004
- Re: Shibboleth Service Provider Security Advisory [14 December 2004], Oleksandr Otenko, 12/15/2004
Archive powered by MHonArc 2.6.16.