>
>That's fine. My point is that I believe that basically all COIs need to
>do this and that we need to have a well-described solution so that COIs
>can do this . It probably needs to be as simple to use from the RP
>standpoint as a proxy in the authentication path, otherwise people will
>prefer to use CORs with a proxy in the authentication path instead of
>COIs.
Ah ok; my inner pedant got carried away.
>What I want is for us as a community to describe how you talk to that
>attribute authority, and how you automate the configuration of talking
>to that attribute authority and how you implement all the above in our
>software so it is easier than the alternatives.
I agree that it would be valuable to do this. There are already one or two
models for this in conventional SAML federations, and my assumption was
that we could follow these examples by simply swapping one binding for
another (i.e., AAA for SOAP, and so the RP performs the SAML attribute
request over AAA).
Josh.
Janet is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
|