Hi David:
> On 23/05/2014 10:18, Rhys Smith wrote:
>> On 23 May 2014, at 09:50, Gabriel López <[log in to unmask]> wrote:
>>
>>> Thinking a bit more about it, and the use case you described...
>>> Would it be possible RP and idP belonging to two different CoIs?
>>> If so, how the idP knows the right CoI to use? The RP should
>>> specify the desired CoI beforehand or the idP could issue the
>>> same attribute with two different values (one for each CoI
>>> value), but then the RP should check both of them in order to
>>> find the right value....
>>
>> As it stands in the world of Trust Router, RPs belong to a single
>> community of interest (IdPs are obviously members of as many as
>> they wish).
>
> I believe that Sam said this was a current implementation limit and
> not a conceptual one. I believe this restriction should be removed as
> a single RP may host different resources that require different LOAs
> (ie. trust levels) in order to be accessed. Constraining it to be in a
> single CoI seems to be unnecessarily restrictive
Completely agree with you. I would personally not understand the restriction of having an RP belonging to a single CoI.
P.D: However if the RP is allowed to belong to different CoIs then when a user requests the access I was wondering how the RP selects the appropriate CoI.
Best Regards.
>
> David
>
>
>>
>> So every request for access is always in the context of a
>> particular CoI, so this is not a problem.
>>
>> Rhys. -- Dr Rhys Smith Identity, Access, and Middleware Specialist
>> Cardiff University & Janet, the UK's research and education
>> network
>>
>> email: [log in to unmask] / [log in to unmask] GPG: 0x4638C985
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlN/M+gACgkQtoIMMbwjjeWeWgCfb7b9U2Bfjp7qc5mWm3w+Wd8R
> DU8An2gqLfQFBFKQSFfpWv9+1sQ1Kqbt
> =xF3k
> -----END PGP SIGNATURE-----
-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: [log in to unmask]
-------------------------------------------------------
|