shibboleth-dev - RE: GridShib profile
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: "'Tom Barton'" <>, "'Shibboleth Development'" <>
- Subject: RE: GridShib profile
- Date: Tue, 8 Mar 2005 16:01:10 -0500
- Organization: The Ohio State University
> > It's ignored in SAML 2.0 for this use case. Attribute queries by
> > reference are not allowed except during SSO.
>
> Can you explain that last sentence to me?
There's an attribute in the AuthnRequest element called
AttributeConsumingServiceIndex. It's a shorthand way of pulling in a set of
attributes by reference to create an implicit query during SSO. The message
would be too big otherwise.
There is no such facility in the AttributeQuery element because there is no
space limitation and queries are like SQL. You tell the database what you
want and it gives it to you (or not). Or you say "select *" and you get
everything that would apply to that context.
The purpose behind "query metadata" that includes attributes is not to
optimize queries but to provision ARPs. The mystical ARP GUI, in other
words.
-- Scott
- Re: Gridshib profile, Von Welch, 03/03/2005
- Re: Gridshib profile, Tom Scavo, 03/04/2005
- RE: Gridshib profile, Scott Cantor, 03/04/2005
- <Possible follow-up(s)>
- GridShib profile, Tom Scavo, 03/08/2005
- RE: GridShib profile, Scott Cantor, 03/08/2005
- Re: GridShib profile, Tom Barton, 03/08/2005
- RE: GridShib profile, Scott Cantor, 03/08/2005
- Re: GridShib profile, Tom Barton, 03/08/2005
- RE: GridShib profile, Scott Cantor, 03/08/2005
- Re: GridShib profile, Tom Scavo, 03/08/2005
- RE: GridShib profile, Scott Cantor, 03/09/2005
- Re: GridShib profile, Tom Scavo, 03/10/2005
- RE: GridShib profile, Scott Cantor, 03/10/2005
- Re: GridShib profile, Tom Scavo, 03/10/2005
- RE: GridShib profile, Scott Cantor, 03/08/2005
- Re: Gridshib profile, Tom Scavo, 03/04/2005
Archive powered by MHonArc 2.6.16.