shibboleth-dev - RE: Matching auth to attr request
Subject: Shibboleth Developers
- From: "Scott Cantor" <>
- To: "'Alistair Young'" <>
- Cc: "'Shibboleth Dev Team'" <>
- Subject: RE: Matching auth to attr request
- Date: Tue, 22 Mar 2005 10:42:27 -0500
- Organization: The Ohio State University

> does <Target> in arp.site.xml have any relation to the GET target? or
> is it used with providerId or NameQualifier? When deciding what
> attributes to release it can only go via providerId but you say it may
> not be set correctly, in which case it must be NameQualifier.
> What would your advice be for specifying <Target> in a <Rule>?

ARP Targets are always SP identifiers, never anything else except for 1.1
SPs. NameQualifier has nothing to do with this, ever, and is never examined
by the IdP except perhaps inside a naming plugin to check on the subject.
And this is all implementation detail anyway, ARPs are not part of the
specification.

> I thought a profile was the way in which the core SAML spec was used,
> rather than redefining parts of it?

We argued for Resource in the first place and nobody else uses it, so it was
not a big deal to profile it. Particularly since SAML screwed up by not
having an Issuer attribute in the protocol layer, despite me begging for it.
Without it, authentication of the protocol becomes very hard.

-- Scott