Skip to Content.
Sympa Menu

shibboleth-dev - Re: The Grid Use Case

Subject: Shibboleth Developers

List archive

Re: The Grid Use Case


Chronological Thread 
  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: The Grid Use Case
  • Date: Wed, 31 Oct 2007 11:25:27 -0400
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GxBfwlStnM0ASqW9m5a8r9vdlDJiPasd3xGiVnzNLPEPA2KjFD8XwkaXw2u7QMvTJr65ht2BKZ4eLEgbDla1FSiLK+Xyy93ioZ6EeX430DME5l2FguuPDt9mFlGFYFM02NvfwlRUqI/6aIRskczr0a1qud1pm7vYA3m2t1r1Z68=
On 10/31/07, Chad La Joie
<>
wrote:
>
> Tom Scavo wrote:
> >
> > 1. The IdP asserts an SSO assertion with the following characteristics:
> > * The assertion is unencrypted
> > * There is a digital signature on the <Assertion> element
> > * The <AuthnContext> element distinguishes between two levels of
> > assurance
> > * The IdP asserts a persistent, non-reassignable identifier (encrypted)
> > * The assertion may contain non-identity attributes such as ePSA
> > (unencrypted)
> >
> > * Can the Shib IdP 2.0 be made to issue such an assertion?
>
> Yes. Generally though, I imagine most people will encrypt the assertion
> if they're pushing attributes in it.

Thanks for the reply. The above assertion doesn't expose the user's
identity so it seems harmless. In any event, will the Shib IdP 2.0
encrypt the NameID and Attribute elements selectively (i.e., on a
case-by-case basis).

Thanks,
Tom

Archive powered by MHonArc 2.6.16.

Top of Page