Why not ask the user to choose an ID and then store it? After all, the
IDP has to store the value that it auto-generates, as someone pointed
out in an earlier post. We can't rely on recreation on the fly.
David
On 22/05/2014 13:41, Rhys Smith wrote:
> On 22 May 2014, at 12:49, David Chadwick <[log in to unmask]>
> wrote:
>
>> The key factor to me is whether the user knows the value of this
>> ID before it is first used, as this will make the life of the RP
>> admin easier i.e. can the value be preconfigured into the access
>> control rules or does some protocol interaction have to take
>> place first in order to get at this value before it can be
>> configured into the access control rules.
>
> As I think was said earlier in this thread - this is not a bad idea
> at all in principle, but in practice this would require a service
> at every IdP that knows every RP, Realm, CoI, etc (depending on
> what identifiers we end up using) so that it can pre-generate them
> and show them to the user. Not impossible, but it’s something that
> would have to be made, and there’s a question of usability -
> whether people would prefer to go to the resource and link their
> account manually that way.
>
> Rhys.
> --
> Dr Rhys Smith
> Identity, Access, and Middleware Specialist
> Cardiff University & Janet, the UK's research and education network
>
> email: [log in to unmask] / [log in to unmask]
> GPG: 0x4638C985
>