shibboleth-dev - Re: [Shib-Dev] uApprove + IdP 3.x
Subject: Shibboleth Developers
List archive
- From: Kristof BAJNOK <>
- To:
- Subject: Re: [Shib-Dev] uApprove + IdP 3.x
- Date: Fri, 19 Mar 2010 14:02:07 +0100
- Organization: NIIF Institute
On Friday 19 March 2010 13.18.12 Chad La Joie wrote:
> Persistent NameIDs has nothing to do with whether you do attribute
> queries. If your federation is moving in a direction where it will
> require the user to consent to attribute releases then by definition
> you can not do back-channel releases.
Ideally an IdP should:
* NOT release attributes _before_ user consent has been given
* release attributes if the user has given it the right to do so
* NOT release attributes _after_ the user has withdrawn the approval
Regardless of the binding being used. And I'm still advocating that this is
truly a filtering step.
Kristof
- uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Peter Schober, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- RE: [Shib-Dev] uApprove + IdP 3.x, Scott Cantor, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/21/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
Archive powered by MHonArc 2.6.16.