Shibboleth Developers

[Walter Hoehn <>]

Could this be handled more easily if the grid client proxied an 
assertion containing only an authN statement and the grid service used 
this data to construct a direct query to the IdP?

-Walter


On Mar 26, 2005, at 9:10 AM, Tom Scavo wrote:

> Imagine that the grid client asks the AA for attributes and later
> pushes those attributes to the grid service.  To do this, the grid
> client needs to know what attributes to ask for, so the grid client
> first talks to the grid service to find out what attributes are
> required.  As a result of this initial exchange, the grid client can
> formulate a specific attribute query.
>
> The initial exchange between the grid client and the grid service
> might be avoided if the grid client knew the providerId of the grid
> service.  In this case, the providerId could somehow be passed to the
> AA in the query, the AA could apply the ARP for that grid service and
> return only the required attributes.

Attachment: smime.p7s
Description: S/MIME cryptographic signature