>>> On 02/12/2009 at 15:50, in message <[log in to unmask]>, Sara Hopkins
<[log in to unmask]> wrote:
<> Blush> Indeed Andy, you're right; Rod has checked the code and verified
> that the code for the opaque string part of the targeted ID does not
> involve the entity ID of the IdP.
No need to <Blush> at all!!
> However, as you point out, the IdP's entity ID is still used in the
> newer versions of targeted ID, and we do still recommend that you retain
> the same entity ID across IdP software upgrades, as you and Adrian
> rightly intend to do.
Like Rhys says you can't be sure what an SP might actually do with the attributes once they get hold of them. I know some SPs required the Library to tell them the entity ID of the IdP that we would be coming to them from so that they could restrict access to sites who have subscribed. I think the advice to keep the entityID static where-ever possible is very sound.
It looks as though were going to be on target to migrate over a week on Monday. <fingers crossed>
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
|