[Concordia] meeting notes finally online
Paul Madsen
paulmadsen at rogers.com
Fri Dec 14 16:28:57 EST 2007
Given the ECP context of this sentence in the minutes, I think Mike has
half the gist.
It's about using a SAML ECP for IDP selection, in order to enable SSO
based on a pseudonym for the user, but with no additional (claimed)
attributes flowing along with the identifier.
I expect that the confusion arose because, to me at least (and perhaps
other SAMLilites), a 'claim' is synonymous with an 'assertion', so it
read strange to see the equivalent of 'no list of assertions'.
paul
Beach, Michael C wrote:
> Maybe I am not following, but we have many cases, particularly in the
> defense space where an SP/RP will want only subject identifier and
> authentication attributes/level/context. The SP/RP has an internal
> account that is associated with the subject identifier, all
> authorization logic and authorization data is internal to the SP/RP. The
> SP/RP only wants to know who are you and what level (or context, or ???)
> authentication did you use.
>
> Mike Beach, CISSP
> Chief Security Designer
> Information Security
> The Boeing Company
> michael.c.beach at boeing.com
>
> -----Original Message-----
> From: Eve Maler [mailto:Eve.Maler at Sun.COM]
> Sent: Friday, December 14, 2007 12:30 PM
> To: Brett McDowell
> Cc: community at projectconcordia.org
> Subject: Re: [Concordia] meeting notes finally online
>
> Searching on those notes, I found this:
>
> "Mike J. captured this new scenario as "IdP Selection, Auth Attributes
> but not list of claims"."
>
> That's what I was remembering, but now I want to review in light of the
> great discussion from yesterday. Britta has sent me her notes and I
> hope to post them this afternoon or over the weekend.
>
> Eve
>
> On Dec 14, 2007, at 12:23 PM, Brett McDowell wrote:
>
>
>> Eve, which scenario was that from?
>>
>> On Dec 13, 2007, at 11:58 AM, Eve Maler wrote:
>>
>>
>>> Related to this, I had a question about the notes from the last
>>> workshop (which I've only read very quickly so far) -- there was
>>> something about "authentication attributes without claims" as a
>>> scenario, which I can't make heads/tails of...
>>>
>>> Eve
>>>
>>>
>
> Eve Maler +1 425 947 4522
> Principal Engineer eve.maler @ sun.com
> CTO Business Alliances group Sun Microsystems, Inc.
>
> _______________________________________________
> Community mailing list
> Community at projectconcordia.org
> http://lists.projectconcordia.org/mailman/listinfo/community
>
> Participating in this discussion list does not grant any intellectual
> property rights or any commitment by the participants of the content
> discussed to any organization.
--
Paul Madsen e:paulmadsen @ ntt-at.com
NTT p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com