>>>>> "Jim" == Jim Schaad <[email protected]> writes:
>> -----Original Message----- From: [email protected]
>> [mailto:[email protected]] On Behalf Of Josh Howlett Sent:
>> Tuesday, January 18, 2011 8:21 AM To: Klaas Wierenga;
>> [email protected] Cc: Josh Howlett Subject: Re: [abfab] Proposed
>> changes to draft-ieft-abfab-aaa-saml
>>
>> > > e.g. say we specify the "saml-20-aa" name to mean a SAML 2.0
>> > attribute authority. An SP wanting to route a message to this
>> actor to > example.com prefixes the realm of the intended Issuer
>> with this, thus > "saml-20-aa.example.com". The AAA SAML
>> attribute within this request > message contains a SAML Request
>> message containing the identifier for > the subject.
>> >
>> > ehrm, that means there can only be one AA per realm?
>>
>> If that matters, I think you could have multiple AAs and
>> disambiguate by extending the naming semantics of the NAI.
Jim> But the different AAs may be authorative for different
Jim> statements for the same individuals. This does not help.
I think Josh was proposing ways of naming AAs.
Why does that not help?
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
