> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Josh Howlett > Sent: Tuesday, January 18, 2011 8:21 AM > To: Klaas Wierenga; [email protected] > Cc: Josh Howlett > Subject: Re: [abfab] Proposed changes to draft-ieft-abfab-aaa-saml > > > > e.g. say we specify the "saml-20-aa" name to mean a SAML 2.0 > > attribute authority. An SP wanting to route a message to this actor to > > example.com prefixes the realm of the intended Issuer with this, thus > > "saml-20-aa.example.com". The AAA SAML attribute within this request > > message contains a SAML Request message containing the identifier for > > the subject. > > > > ehrm, that means there can only be one AA per realm? > > If that matters, I think you could have multiple AAs and disambiguate by > extending the naming semantics of the NAI.
But the different AAs may be authorative for different statements for the same individuals. This does not help. Jim > > Josh. > > JANET(UK) is a trading name of The JNT Association, a company limited by > guarantee which is registered in England under No. 2881024 and whose > Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, > Oxfordshire. OX11 0SG > > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
