Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] [IdPv3] Consent Engine Work

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] [IdPv3] Consent Engine Work


Chronological Thread 
  • From: Tom Scavo <>
  • To:
  • Subject: Re: [Shib-Dev] [IdPv3] Consent Engine Work
  • Date: Mon, 27 Sep 2010 08:11:01 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=eD8IsmCvZlRg6gxrQgu1NvwxQpoiEe86wwIrkFJq+w8suNYRYAdBCVZEQQqFPQF0hh kdzovg3fI1DkcArLClbRWV6ZNPFhoMo1wnh+Li/ZDse/raoIY5Tigtx/nwfO2IeFi8FW d4eaSHZoK939YHGanymrDJwmv60lQd3XMJOnw=
On Sat, Sep 25, 2010 at 1:10 PM, Scott Cantor
<>
wrote:
>
> It is necessary to articulate an expectation of possible behvaior. Since an
> IdP MAY send anything it wants at any time, including an error, at the end
> of the day, that's what SPs have to handle.

That's a start. Here are a couple of other items that may need to be
discussed:

- the effect of isPassive="true" in consent-based SSO
- the fact that persistent name IDs need to be redundantly asserted as
attributes

Speaking of persistent identifiers, how does the SP ask for a
"persistent, non-reassigned identifier"? There are a number of
attributes that satisfy that requirement, so how does the SP encode
its requirement for one of them?

Tom

Archive powered by MHonArc 2.6.16.

Top of Page