shibboleth-dev - RE: SAML name identifiers
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: SAML name identifiers
- Date: Tue, 7 Mar 2006 11:50:02 -0500
- Organization: The Ohio State University
> I can do that if the persistent identifier is expressed as an
> attribute, but I don't see how I can do it if it's expressed as a
> NameID, even with NameIDPolicy.
You can't do it with NameIDPolicy, because that indicates a specific
requirement. You could do it with metadata, though probably not
interoperably, by listing both types in order of preference. I don't think
you'd find many products actually using the metadata that way though, it's
underspecified in those kinds of areas.
But I also doubt if most products will support attribute metadata either, so
I don't think that helps.
> I'm not unhappy with that -- passing the optional thing as an attribute
> is what we do now -- I'm just trying to understand your earlier
> statement about not seeing much use for attribute ePTI.
We can clearly do it either way, and commercially speaking, you've got
built-in support for these identifiers and probably no support for the
attribute, so which one should we be focusing on?
Also, one is part of the standard, and the other is an attribute defined in
a community. I think the former trumps the latter.
There's really not much point in debating the usefulness of a feature that
isn't going to be removed, though.
-- Scott
- Re: SAML name identifiers, (continued)
- Re: SAML name identifiers, Ian Young, 03/03/2006
- Re: SAML name identifiers, Alistair Young, 03/03/2006
- Re: SAML name identifiers, Ian Young, 03/03/2006
- RE: SAML name identifiers, Scott Cantor, 03/03/2006
- RE: SAML name identifiers, Scott Cantor, 03/03/2006
- Re: SAML name identifiers, Nate Klingenstein, 03/03/2006
- Re: SAML name identifiers, Alistair Young, 03/03/2006
- RE: SAML name identifiers, Scott Cantor, 03/03/2006
- Re: SAML name identifiers, Ian Young, 03/03/2006
- RE: SAML name identifiers, Scott Cantor, 03/03/2006
- Re: SAML name identifiers, Ian Young, 03/07/2006
- RE: SAML name identifiers, Scott Cantor, 03/07/2006
- Re: SAML name identifiers, Ian Young, 03/07/2006
- RE: SAML name identifiers, Scott Cantor, 03/03/2006
- Re: SAML name identifiers, Ian Young, 03/03/2006
- Re: SAML name identifiers, Tom Scavo, 03/05/2006
- RE: SAML name identifiers, Scott Cantor, 03/05/2006
- Re: SAML name identifiers, Tom Scavo, 03/05/2006
- RE: SAML name identifiers, Scott Cantor, 03/05/2006
- Re: SAML name identifiers, Tom Scavo, 03/05/2006
- Re: SAML name identifiers, Tom Scavo, 03/06/2006
- RE: SAML name identifiers, Scott Cantor, 03/06/2006
- Re: SAML name identifiers, Tom Scavo, 03/06/2006
- Re: SAML name identifiers, Tom Scavo, 03/05/2006
- RE: SAML name identifiers, Scott Cantor, 03/05/2006
- Re: SAML name identifiers, Tom Scavo, 03/05/2006
- Re: SAML name identifiers, Tom Scavo, 03/06/2006
- RE: SAML name identifiers, Scott Cantor, 03/06/2006
- RE: SAML name identifiers, Scott Cantor, 03/05/2006
- Re: SAML name identifiers, Ian Young, 03/03/2006
Archive powered by MHonArc 2.6.16.