On 1/17/11 4:37 PM, Josh Howlett wrote:
>>>> Control question for Sam and Scott: is it possible (and reasonably
>>>> easy) to do SP-centric attribute aggregation for abfab, by which I
>>>> mean having the SP issue additional attribute queries to IdPs within
>>>> the AAA-centric trust model proposed by Sam and Josh?
>>>
>>> Yes, possible and easy (assuming, obviously, we can assume that the
>>> SPs and IdP have a common identifier for the subject).
>>
>> can the SP only get attributes through the IdP?
>
> Sorry, can you clarify the question? (I thought I answered that in my
> response)

Well, you state that the IdP and the SP need to have an identifier in common for the subject. I was thinking about an attribute authority different from the "original" IdP. So let's say I authenticate to my school and the SP goes on and gets some additional attributes from the ministry of education... That is covered by Leif's statement "An AA is an IdP too...", but I want to make sure that the trust model allows for that kind of scenario.

Klaas
