> I would propose making the following changes
>
> 1. Define a new name type that has two string values "user" and
> "machine". This corresponds to the current set of identity types that
> is defined by TEAP. This would also allow for anonymous names to be
> returned to the RP without any problems

I see no problem with this in principle, but there's probably a discussion needed on a couple of points:

1. Should these get defined by Abfab, or in the place(s) where these attributes are actually going to be used? If this is a generic requirement, it should probably happen in Abfab. Conversely if you are trying to solve a specific problem (e.g., for Plasma) it might be better defined there.

2. Are these best defined as name identifiers or attributes? The answer to this probably boils down to the specifics of the use case(s). Do you have these described anywhere?

(I'm not throwing these discussion points up to avoid work; from experience, defining attributes can be a slippery slope into ocean-boiling).

In any case, I'll take a look at the TEAP identity types and propose some straw-man text.

> 2. Either define or reference a SAML name type for NAIs. I am not sure
> if the new and old NAIs should be done differently as there are some
> differences between the name matching rules. I also understand that if a
> proxy re-writes the identifier in the RADIUS string, this field may not be
> re-written as well depending on if the proxy is going to look for it.

No problem with this in principle, but again it would be helpful to determine if this is a sufficiently generic requirement that it makes sense to define within Abfab or, if application-specific, elsewhere.

> I need to do multiple queries [...] I cannot serialize them, as I would
> with the HTTP binding How do I deal with it here?

Why do you think that you cannot serialize them?

> Profiling of the different attribute query based on the content - looking
> at the SAML Profile document and the namespace of the attributes that
> can be used in a single query

Sorry, I am having difficulty parsing this. Could you explain again?

Thanks,
Josh.

Janet is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
