Skip to Content.
Sympa Menu

shibboleth-dev - Re: attribute queries

Subject: Shibboleth Developers

List archive

Re: attribute queries


Chronological Thread 
  • From: Walter Hoehn <>
  • To: Tom Scavo <>
  • Cc: Scott Cantor <>, Shibboleth Development <>
  • Subject: Re: attribute queries
  • Date: Mon, 28 Mar 2005 08:40:08 -0600

Could this be handled more easily if the grid client proxied an assertion containing only an authN statement and the grid service used this data to construct a direct query to the IdP?

-Walter


On Mar 26, 2005, at 9:10 AM, Tom Scavo wrote:

Imagine that the grid client asks the AA for attributes and later
pushes those attributes to the grid service. To do this, the grid
client needs to know what attributes to ask for, so the grid client
first talks to the grid service to find out what attributes are
required. As a result of this initial exchange, the grid client can
formulate a specific attribute query.

The initial exchange between the grid client and the grid service
might be avoided if the grid client knew the providerId of the grid
service. In this case, the providerId could somehow be passed to the
AA in the query, the AA could apply the ARP for that grid service and
return only the required attributes.

Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.16.

Top of Page