
shibboleth-dev - RE: TargetedID Durability

Subject: Shibboleth Developers

  • From: Jim Fox <>
  • Subject: RE: TargetedID Durability
  • Date: Fri, 29 Jul 2005 15:10:18 -0700 (PDT)


A casual reader of this might come to the conclusion that he, as
an IdP, CAN, at any time, change the ePTID sent to an SP for a user and
maybe he SHOULD inform the SP, but he doesn't HAVE TO. And that
the notice of this change, if there is one, can come subsequent to the
change itself. Is that correct?

Yes, but these are certainly matters of policy, not technology. But without
a reasonable way to inform SPs when they change, the usefulness as a
recognition mechanism goes way down. I don't think it would be good behavior
to effect the change until the SP is notified, if there's any notification
happening at all.

But the IdP is always in charge in the Liberty model, whatever SPs like to
believe. This is why Amazon's not interested, unless they get to be the IdP.

Since one of the reasons for making changes is to "wipe" the slate clean at
an SP, it certainly isn't required in SAML that an SP know about it.


So, when Phil complained, Jan 13,

"I now want to move our origin to 1.2.1 (which BTW, rocks),
but we'll kill all the TargetedIDs."

why your response,

"The big nasty is when they go to 1.2,
then that part of the seed changes and you're dead."

and not just, "who cares?"


And when Bob noted, July 5,

"At least some of the customers (PSU and USC) are using
targetedIds for the user ids they're sending to Napster,
so are concerned about the stability of these across
Shib IdP versions."

why the concern? What stability, when the IdP can effect changes
at whim?


And in the definition, from the shib glossary,

"Persistent Identifier (TargetedID): This special identifier
type allows an IdP and SP to preserve a single identifier
for one principal across all current and future transactions..."

am I to assume the words 'preserve' and 'future' mean only
what an advertiser might mean by them?


If there is no requirement on the persistence of ePTID then it
would appear to be nothing more than a nicety, providing the user
with a "pleasant browsing experience". Maybe that's all it is
and I've been way too concerned about our maintenance of them.
Generation on the fly might be the best approach after all.

Jim

Archive powered by MHonArc 2.6.16.