> > e.g. say we specify the "saml-20-aa" name to mean a SAML 2.0
> > attribute authority. An SP wanting to route a message to this actor to
> > example.com prefixes the realm of the intended Issuer with this, thus
> > "saml-20-aa.example.com". The AAA SAML attribute within this request
> > message contains a SAML Request message containing the identifier for
> > the subject.
> 
> ehrm, that means there can only be one AA per realm?

If that matters, I think you could have multiple AAs and disambiguate by 
extending the naming semantics of the NAI.

Josh.

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
