Shibboleth Developers

["Alistair Young" <>]

> Does the attribute query block while the ADDI exchange takes place?
in the current profile it would have to, rather than break the exchange
and use ws callback at the SP but that's for the future!

Alistair


-- 
Alistair Young
Senior Software Engineer
UHI@Sabhal
 Mòr Ostaig
Isle of Skye
Scotland

> On 4/27/05, Sean Mehan 
> <>
>  wrote:
>>
>> This now leads to a new SAML profile, in the first instance just
>> extending
>> shibboleth's Browser/POST:
>>
>> 1) User accesses resource at SP
>> 2) SP sends GET request to user's IdP after WAYF finds out where that
>> is.
>> 3) IdP authenticates user and sends AuthenticationStatement back to SP.
>> 4) SP sends AttributeRequest to SP
>> 5) NEW - IdP queries SP's ADDI service for required attributes and any
>> vendor specific mappings based on the resource the user wants to access.
>> 6) IdP maps required attributes to local set and releases them based on
>> ARP
>> 7) SP makes decision based on incoming attributes from the IdP.
>
> Does the attribute query block while the ADDI exchange takes place?
>
> Tom
>