> > Here's what I think we need out of the SAML request. I think it
> > provides a place for S to indicate what attributes it needs. First,
> > is this correct? Secondly, is there anything else that our particular
> > use cases get out of a SAML request?
>
> I think the way to answer that is best handled by starting
> with what you want to get in return, and then in parallel
> setting out the assumptions made about what knowledge of the
> user exists between S, the entity making the request (if it's
> not S), and the IdP.
>
> The main thing we have to do is determine the "fit" between
> those answers and the existing protocols in SAML.

At the risk of generalising, I think it is interesting to consider
whether we can extrapolate from today's Web SSO practices, particularly
as in the use-cases we're not using SAML for authentication (where we
might care about LoA etc); only as a source of attributes. The SAML IdP,
consequently, says what goes and what doesn't and the request is moot.

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG