On 23 May 2014, at 09:50, Gabriel López <[log in to unmask]> wrote:
> Thinking a bit more about it, and the use case you described...
> Would it be possible RP and idP belonging to two different CoIs? If so,
> how the idP knows the right CoI to use? The RP should specify the
> desired CoI beforehand or the idP could issue the same attribute with
> two different values (one for each CoI value), but then the RP should
> check both of them in order to find the right value....
As it stands in the world of Trust Router, RPs belong to a single community of interest (IdPs are obviously members of as many as they wish).
So every request for access is always in the context of a particular CoI, so this is not a problem.
Rhys.
--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet, the UK's research and education network
email: [log in to unmask] / [log in to unmask]
GPG: 0x4638C985
|