
shibboleth-dev - Re: First draft of eduPerson/SAML profiles

Subject: Shibboleth Developers

  • From: Tom Scavo <>
  • To: Alistair Young <>
  • Cc: Scott Cantor <>, , mace-dir <>
  • Subject: Re: First draft of eduPerson/SAML profiles
  • Date: Tue, 19 Apr 2005 09:22:00 -0400

On 4/19/05, Alistair Young <> wrote:
>
> The thing that makes me uncomfortable is the requirement for a
> Shibboleth URN for all attributes. givenName is nothing to do with
> Shibboleth, so why should I have to use a shibboleth URN?

I agree. The profile tries to sneak in under the radar as a SAML
profile but really this is a Shibboleth profile and should be called
out as such.

> So, whereas we've got rid of one hard coding scenario for SPs,
> eduPersonTargetedID, we've introduced another - the requirement for
> IdPs that talk to shibboleth SPs to use a shibboleth URN.

Also, I'm not clear on what problem the alternative representation of
eduPersonTargetedID is supposed to solve. In SAML2,
eduPersonTargetedID becomes a name identifier, so doesn't the problem
more-or-less go away? Is eduPersonTargetedID (as an attribute)
totally obsolete with the arrival of SAML2?

Tom


