shibboleth-dev - Re: attribute queries
- From: Tom Scavo
- To: Scott Cantor
- Cc: Frank Siebenlist, Shibboleth Dev Team
- Subject: Re: attribute queries
- Date: Wed, 30 Mar 2005 14:13:25 -0500
On Wed, 30 Mar 2005 12:51:09 -0500, Scott Cantor wrote:
>
> I guess there's a possibility we could push the TC to adopt and bless your
> profile/extension. The current profile that BAH is proposing, while similar,
> isn't exactly lining up. It doesn't support push, and it also uses
> holder-of-key subject confirmation, although I suppose you could adopt that
> part without really breaking anything you're doing.
(The following is my own personal opinion.) We can and should build
on the BAH profile, but it sorely needs a rewrite. It should build
squarely on existing specifications such as SAML 2.0 Metadata and the
Assertion Query/Request Profile. Moreover, the security requirements
of the BAH profile are too strict for our use case (and in general, I
believe). If these issues aren't addressed in the next draft (is a
2nd draft forthcoming?) we will probably have to write our own.
Tom
PS. "BAH" stands for "Booz Allen Hamilton", the author of "SAML X.509
Authentication-based Attribute Sharing Profile":
http://www.oasis-open.org/committees/download.php/11323/sstc-saml-x509-authn-based-attribute-protocol-profile-2.0-draft-02.pdf