> Josh> or attribute requests to an attribute
> Josh> authority that is not the Identity Provider.
>
> I'm nervous about this for the trust model issues I brought up.
> I could see using the same attribute in the cases where the trust model
> is going to be the same.
> However I definitely think we want a different attribute if we want
> different processing semantics in the RP.

I don't follow this. Why can't we put these semantics to the SAML layer?

> One particularly thorny issue will be what the IDP should do with a
> request for an attribute from a different provider that it could satisfy
> but not under the trust model the RP was hoping for.

I agree it's thorny, but is this actually a use-case that we care about? I would prefer to punt it to the business layer.

Josh.

_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
