Scott wrote: > In practice, I don't think IdP-side aggregation works all that well and > the most common SAML profiles basically preclude it unless the IdP > reissues the data itself, so I tend to focus on doing it at the SP. But > then I write SPs, so that's a bias.
I also prefer SP-side aggregation. I'm personally okay with IdP-side aggregation within ABFAB scope, if we can do without authentication of aggregated issuers (i.e. an aggregated issuer is analogous to an IdP-local LDAP directory). Josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
