> -----Original Message-----
> From: Sam Hartman [mailto:[email protected]]
> Sent: Wednesday, January 19, 2011 5:19 PM
> To: Jim Schaad
> Cc: 'Josh Howlett'; 'Klaas Wierenga'; [email protected]
> Subject: Re: [abfab] Proposed changes to draft-ieft-abfab-aaa-saml
>
> >>>>> "Jim" == Jim Schaad <[email protected]> writes:
>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On Behalf Of Josh Howlett
> >> Sent: Tuesday, January 18, 2011 8:21 AM
> >> To: Klaas Wierenga; [email protected]
> >> Cc: Josh Howlett
> >> Subject: Re: [abfab] Proposed changes to draft-ieft-abfab-aaa-saml
> >>
> >> > > e.g. say we specify the "saml-20-aa" name to mean a SAML 2.0
> >> > > attribute authority. An SP wanting to route a message to this
> >> > > actor to example.com prefixes the realm of the intended Issuer
> >> > > with this, thus "saml-20-aa.example.com". The AAA SAML
> >> > > attribute within this request message contains a SAML Request
> >> > > message containing the identifier for the subject.
> >> >
> >> > ehrm, that means there can only be one AA per realm?
> >>
> >> If that matters, I think you could have multiple AAs and
> >> disambiguate by extending the naming semantics of the NAI.
>
> Jim> But the different AAs may be authoritative for different
> Jim> statements for the same individuals. This does not help.
>
> I think Josh was proposing ways of naming AAs.
>
> Why does that not help?

I thought that he was giving an example of uniform name of an attribute authority, as opposed to suggesting that there might be different names. But that also implies that you need to be able to query as to which of the different authorities you need to query in order to get the attributes you care about. Even more issues of attribute name and quality matching to be dealt with.

Jim

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
