>>> On 24/02/2010 at 14:14, in message <007f01cab55b$9e7c2d30$db748790$@com>, Rod
Widdowson <[log in to unmask]> wrote:
> I'm not sure I understand. But right now the SAML2 version of ePTID can be
> sent in SAML1. IdPs are encouraged to produce it for SAML1 and SPs are
> encouraged to understand both old and new.
>
> Note however that when stripped of all the syntactic sugar the value is the
> same and so you can massage one into the other,
>
And indeed you can see this if you go to one of Ian Youngs test SPs or as I've found quite useful to do here, create a local SP to report back the attributes that are released . You can see the "similarity":
persistent-id https://idp.dundee.ac.uk/shibboleth!https://idptest.dundee.ac.uk/shibbolethSP!BZxI8TK+LLYTp5NHSyyioT6C3V4=
targeted-id [log in to unmask]
>
> There is definitely the possibility that when people start using SAML2 (we
> still use a WAYF so I'm guessing that most traffic is SAML1) misconfigured
> SPs may "lose" personalization.
But the outcry will be huge and they will fix it (I hope!).
Andy
************************************************************
Please consider the environment. Do you really need to print this email?
|