Shibboleth Developers

[Tom Scavo <>]

Doesn't the AA check the veracity of NameQualifier?  I guess it
doesn't matter since none of the existing NameIdentifierMapping
implementations satisfy our use case (or so it seems).  Are we going
to have to write our own?


On Wed, 9 Mar 2005 21:38:02 -0500, Scott Cantor 
<>
 wrote:
> My only real comment (aside from the ongoing metadata discussion hopefully
> resulting in a TC-approved extension) is the use of NameQualifier. I find it
> a fairly nasty source of interop headaches and we've been trying to
> de-emphasize it in Shibboleth, at least until 2.0 when it's a little more
> precisely defined.
> 
> For an X.500 DN subject, I think I'd omit it or leave it "ignorable" to
> maximize interop with other SAML products. They seem to be pretty arbitrary
> about using it.
> 
> -- Scott
> 
>