On 1/18/11 5:08 PM, Josh Howlett wrote:
>> >> Control question for Sam and Scott: is it possible (and
>> >> reasonably easy) to do SP-centric attribute aggregation for
>> >> abfab, by which I mean having the SP issue additional attribute
>> >> queries to IdPs within the AAA-centric trust model proposed by
>> >> Sam and Josh?
>>
>> Josh> Yes, possible and easy (assuming, obviously, we can assume
>> Josh> that the SPs and IdP have a common identifier for the
>> Josh> subject).
>>
>> Josh, I suspect you are right, but the details are not clear to me.
>
> Nor me in truth; I suspect that I am about to discover it was inadvisable of
> me to claim 'easy' :-)
>
>> How does the SP address the request to a particular AA?
>
> The model that I have in mind is that we specify a set of standard endpoint
> locator names for different type of Issuer roles. These can be used, in
> conjunction with the NAI realm of the Issuer, to construct a complete NAI.
>
> e.g. say we specify the "saml-20-aa" name to mean a SAML 2.0 attribute
> authority. An SP wanting to route a message to this actor to example.com
> prefixes the realm of the intended Issuer with this, thus
> "saml-20-aa.example.com". The AAA SAML attribute within this request message
> contains a SAML Request message containing the identifier for the subject.

ehrm, that means there can only be one AA per realm?

Klaas

>
> Josh.

_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
