>>>>> "Cantor," == Cantor, Scott writes:
Cantor,> On 5/23/14, 11:09 AM, "Sam Hartman" wrote:
Cantor,> A simple way to do attribute aggregation is one, since you
Cantor,> need a correlation handle of some kind. One way is just not
Cantor,> using pairwise ID, but another is to selectively share
Cantor,> pairwise IDs with other parties under certain conditions.
OK.
So, I have an IDP, an attribute authority (AA), and an SP.
Each is run by a separate organization.
The IDP shares the SP-specific identifier with the AA.
The IDP shares the SP-specific identifier with the SP.
Later, the SP contacts the AA.
The AA needs to know which SP is involved so it can know who to release
to and what authentication to require.
Have I got it?
Any considerations I'm missing?
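
The flow outlined in this message, as an added sketch that is not part of the original thread or any project's code. The HMAC derivation of the pairwise ID, the entity names, the attribute values and the release-policy table are all assumptions made for illustration; how the AA links the shared handle to its own record is outside the sketch.

```python
import hashlib
import hmac

# All names, keys and attribute values here are constructed for illustration.
IDP_SECRET = b"constructed-idp-secret"
SP_A = "https://sp-a.example"
SP_B = "https://sp-b.example"


def pairwise_id(user, sp_entity):
    """IDP side: derive an SP-specific identifier (assumed HMAC scheme)."""
    msg = f"{user}|{sp_entity}".encode()
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()[:16]


class AttributeAuthority:
    def __init__(self, release_policy):
        # (sp_entity, pairwise_id) -> attributes held by the AA for that subject.
        self.records = {}
        # Per-SP policy: which attribute names that SP may receive.
        self.release_policy = release_policy

    def register(self, sp_entity, pid, attributes):
        """The IDP shares an SP-specific identifier with the AA."""
        self.records[(sp_entity, pid)] = dict(attributes)

    def query(self, authenticated_sp, pid):
        """The SP contacts the AA; authenticated_sp is the verified caller."""
        record = self.records.get((authenticated_sp, pid))
        if record is None:
            # Unknown handle, or a handle that was issued for a different SP.
            return {}
        allowed = self.release_policy.get(authenticated_sp, set())
        return {k: v for k, v in record.items() if k in allowed}


def demo():
    aa = AttributeAuthority({SP_A: {"role"}, SP_B: {"role", "mail"}})
    attrs = {"role": "staff", "mail": "alice@idp.example"}
    pid_a, pid_b = pairwise_id("alice", SP_A), pairwise_id("alice", SP_B)
    aa.register(SP_A, pid_a, attrs)
    aa.register(SP_B, pid_b, attrs)
    return {
        "ids_differ": pid_a != pid_b,
        "sp_a_own_id": aa.query(SP_A, pid_a),
        "sp_b_own_id": aa.query(SP_B, pid_b),
        "sp_b_with_sp_a_id": aa.query(SP_B, pid_a),
    }


if __name__ == "__main__":
    print(demo())
```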