shibboleth-dev - Re: [Shib-Dev] Shib WG Topics

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] Shib WG Topics

From: Tom Scavo <>
To:
Cc: Peter Schober <>
Subject: Re: [Shib-Dev] Shib WG Topics
Date: Thu, 7 Apr 2011 08:22:06 -0400
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=B3NreqsAzujz8mT1VJ/mfRyirqXuw9tDqZq5VFFgs6Zthmfxa8JspIxVwodvxYFXDg C7CwqJoIGEFE1i9XqCUqQx5MJExpCveABcdiMKLErbcRcWNXZOjwMj75NchMgUO1JMrf szY7aD1u07lzF7H8My1/MmJlt7QTJQuIafDVQ=

On Thu, Apr 7, 2011 at 7:57 AM, Peter Schober
<>
wrote:
>
> Well, if an SP requires ePTId OR ePPN to work (a rather common
> scenario) there is currently no way to express that in the existing
> metadata schema.
> I though that the proposed way to handle this was to list both and set
> isRequired="false" and document/communicate the either/or OOB.

Another (better?) approach is to define *two*
<md:AttributeConsumingService> elements in SP metadata, and then let
the SP try them in turn. If the first one fails (because the IdP can
not or will not supply a required attribute), then the SP simply tries
again.

Tom

Re: [Shib-Dev] Shib WG Topics, (continued)
- Re: [Shib-Dev] Shib WG Topics, Christopher Bongaarts, 04/04/2011
  - Re: [Shib-Dev] Shib WG Topics, Tom Scavo, 04/04/2011
- Re: [Shib-Dev] Shib WG Topics, Fredrik Thulin, 04/04/2011
  - Re: [Shib-Dev] Shib WG Topics, Tom Scavo, 04/04/2011
    - Re: [Shib-Dev] Shib WG Topics, Fredrik Thulin, 04/04/2011
- Re: [Shib-Dev] Shib WG Topics, Chad La Joie, 04/04/2011
  - Re: [Shib-Dev] Shib WG Topics, Nate Klingenstein, 04/04/2011

List archive

Re: [Shib-Dev] Shib WG Topics