On 2/28/14, 10:35 AM, "David Chadwick" wrote:
>But once we move to ABFAB there is a standard way of exposing a local
>user identifier attribute to the RP, through a SAML attribute carried in
>the RADIUS attribute. So this can be written up as the standard way of
>uniquely identifying the user, without defining the actual attribute
>type. Different communities can profile this method by defining the
>attribute type they will use in their federation or community.
No, that's not the relevant issue, I'm talking about GSS-API, which is not
specific to ABFAB. The only standard application interface to a user
identity is the GSS initiator name. If extension naming attributes are to
be used, then there has to be a standard one that is intended to hold the
user identity for apps like SSH.
-- Scott