
shibboleth-dev - Re: [Shib-Dev] Metadata for Consent

Subject: Shibboleth Developers


Re: [Shib-Dev] Metadata for Consent


  • From: Tom Scavo <>
  • To:
  • Cc: Nate Klingenstein <>
  • Subject: Re: [Shib-Dev] Metadata for Consent
  • Date: Fri, 18 Feb 2011 16:57:01 -0600

On Fri, Feb 18, 2011 at 12:57 AM, Nate Klingenstein wrote:
>
> Their intent is to build an interface that supports the optionality of
> <md:RequestedAttribute> in consent, and "isRequired='false'" is almost
> impossible to interpret without explanatory text.

I'm about ready to find that out for myself :-) but I don't doubt it
at all. The most complicated parts of SAML are certain XML attributes
here and there, and isRequired is almost certainly one of them. We're
preparing to spin our wheels on this one.

> It may be that the
> optionality was a bad idea in the first place, but without that or an
> <OR>/policy logic, I don't see how you would support "a persistent,
> non-reassigned identifier".

I've given up on that. I agree with Scott (and others) that it's
either XACML or nothing.

Tom


