What would be best practice for an IdP which is using SAML2 WBSSO and wants to maintain continuity of service with service providers? i.e. it's using shibboleth just now with the simple shibboleth attribute naming conventions (urn:mace:dir ... edu*)
should it use the full blown SAML2 attribute naming convention:
urn:oasis:names:tc:SAML:2.0:attrname-format:uri
or the more "shibby" type version:
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
it seems that perhaps urn:oasis:names:tc:SAML:2.0:attrname-format:basic is more common in the fed for SAML2 profiles?
thanks,
Alistair
--------------
mov eax,1
mov ebx,0
int 80
|