shibboleth-dev - Re: attribute push

Subject: Shibboleth Developers

List archive

Re: attribute push

From: "Tom Scavo" <>
To:
Subject: Re: attribute push
Date: Mon, 11 Sep 2006 08:34:55 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mVPy/sLz7JxB10zu0eVh57V2ybhv6Uh5oQb+USOB6/3yQ8O6KmJnHrHIDPmUu+dCAPZwa+8lLUlC2Oa7v1McmQt3J6rbUeU9djDp7a1zG+d74mctReIfoapUpbycAusnsUUI8CdEgfXgkzOgnqju3B1EqTHNN55DhxZUiAwrgSE=

On 9/11/06, Chad la Joie
<>
wrote:

We didn't discuss the layout of the message but we are moving towards a
primarily attribute push model. My guess, for SAML 2 at least, would be
one assertion, two statements.

Even for pull? I assume query is still an option...

We have no plans to drop the ability to
export the full assertion to the protected resource, but we also
acknowledge that some web servers will have issues with that as they
restrict the amount of data that may go into a header.

Would it help to strip away the response wrapper (and signature) and
expose only the assertion? Then SPs can choose whether or not they
want signed assertions.

Tom

attribute push, Tom Scavo, 09/11/2006
- Re: attribute push, Chad la Joie, 09/11/2006
  - Re: attribute push, Tom Scavo, 09/11/2006
    - Re: attribute push, Chad la Joie, 09/11/2006
    - RE: attribute push, Scott Cantor, 09/11/2006
  - Re: attribute push, Tom Scavo, 09/11/2006
    - Re: attribute push, Chad la Joie, 09/11/2006
    - RE: attribute push, Scott Cantor, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
  - Re: attribute push, Tom Scavo, 09/11/2006
    - RE: attribute push, Scott Cantor, 09/11/2006
      - Re: attribute push, Tom Scavo, 09/11/2006
        
        RE: attribute push, Scott Cantor, 09/11/2006

List archive

Re: attribute push