Alistair Young wrote:
> I get the impression it would be very easy for an IdP to work out what
> user is being referenced, given, say, a NameIdentifier and AssertionId. A
> simple grep of the logs would be enough. Or is that too simplistic a view?
Not at all, grepping the logs is exactly the sort of thing we had in mind.
> The hard part is the SP locating that information in its own logs and
> matching those tokens to a flame post in a shibbed message board for
> example. I presume that's what all this is for?
Yes, things like that or egregious abuses of licensed resources. One
I've heard about more than once is the person who downloads maps of
every part of the UK from a geo server.
The question of how the SP maintains the information required at their
end is, of course, up to them. You don't have to care about that for
section 6 purposes.
-- Ian