-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 23/05/2014 10:18, Rhys Smith wrote:
> On 23 May 2014, at 09:50, Gabriel López <[log in to unmask]> wrote:
>
>> Thinking a bit more about it, and the use case you described...
>> Would it be possible for the RP and idP to belong to two different
>> CoIs? If so, how does the idP know the right CoI to use? The RP should
>> specify the desired CoI beforehand or the idP could issue the
>> same attribute with two different values (one for each CoI
>> value), but then the RP should check both of them in order to
>> find the right value....
>
> As it stands in the world of Trust Router, RPs belong to a single
> community of interest (IdPs are obviously members of as many as
> they wish).
I believe that Sam said this was a current implementation limit and
not a conceptual one. I believe this restriction should be removed as
a single RP may host different resources that require different LOAs
(i.e. trust levels) in order to be accessed. Constraining it to be in a
single CoI seems to be unnecessarily restrictive.
David
>
> So every request for access is always in the context of a
> particular CoI, so this is not a problem.
>
> Rhys. -- Dr Rhys Smith Identity, Access, and Middleware Specialist
> Cardiff University & Janet, the UK's research and education
> network
>
> email: [log in to unmask] / [log in to unmask] GPG: 0x4638C985
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlN/M+gACgkQtoIMMbwjjeWeWgCfb7b9U2Bfjp7qc5mWm3w+Wd8R
DU8An2gqLfQFBFKQSFfpWv9+1sQ1Kqbt
=xF3k
-----END PGP SIGNATURE-----