I'm looking at ways to exchange attributes between SAML services that do not share a common user identifier. I would prefer a simpler solution than ID-WSF or similar.
As you probably know, in SAML 2.0 there is a profile 'Assertion Query Profile', which allows a requester to request a set of user attributes from a service. It is not possible to use this profile unless the requester and the responder share an identifier representing the user. If I use OAuth to establish a front-channel connection in advance, the access token key may be used as the NameID in the AttributeQuery. My question is if anyone has already written a spec or draft outlining NameIDFormat identifiers, for example, to contain an OAuth access token? Anyone that likes or dislikes the idea?
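
The idea in the message above, sketched as an added example (not part of the original post and not taken from any published spec): the requester places the OAuth access token key in the NameID of an AttributeQuery, and the responder resolves it to a local user and the attributes that token may release. The Format URI, function names and grant table are hypothetical; signing and transport protection of the query are assumed and not shown.

```python
import time
import uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical format URI: no such identifier is defined by SAML or OAuth.
TOKEN_FORMAT = "urn:example:names:nameid-format:oauth-access-token"
# Constructed sample grant table held by the responder (token key -> grant).
SAMPLE_GRANTS = {"tok-7f3a": {"user": "local-user-42", "client": "https://sp.example.org",
                              "scope": {"mail", "displayName"}, "expires": 2_000_000_000}}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_attribute_query(issuer, access_token, attribute_names):
    """Requester side: the token key goes where a shared user identifier would."""
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    })
    ET.SubElement(query, f"{{{SAML}}}Issuer").text = issuer
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    name_id = ET.SubElement(subject, f"{{{SAML}}}NameID", {"Format": TOKEN_FORMAT})
    name_id.text = access_token
    for name in attribute_names:
        ET.SubElement(query, f"{{{SAML}}}Attribute", {"Name": name})
    return ET.tostring(query, encoding="unicode")

def resolve_subject(query_xml, token_store, now=None):
    """Responder side: map the token to a local user and the attributes it covers."""
    # Assumes the query's signature and issuer were already verified upstream.
    now = time.time() if now is None else now
    query = ET.fromstring(query_xml)
    issuer = query.findtext(f"{{{SAML}}}Issuer")
    name_id = query.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is None or name_id.get("Format") != TOKEN_FORMAT:
        raise ValueError("unsupported NameID format")
    grant = token_store.get((name_id.text or "").strip())
    if grant is None or grant["expires"] <= now:
        raise PermissionError("unknown or expired token")
    if grant["client"] != issuer:
        raise PermissionError("token was not issued to this requester")
    requested = [a.get("Name") for a in query.findall(f"{{{SAML}}}Attribute")]
    return grant["user"], [n for n in requested if n in grant["scope"]]
```

Because the NameID here is a bearer credential rather than a pseudonym, the responder binds it to the requesting issuer and to an expiry, and the query should only travel over an authenticated, encrypted channel and stay out of logs.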
