[Concordia] Notes from 1 Apr 2008 Concordia call

Scott Cantor cantor.2 at osu.edu
Tue Apr 1 15:09:08 EDT 2008


> *	The SP can't specify what it wants in the AuthnRequest

This has been generally viewed as a minority case by the folks in question,
but I continually raise it. It's also possible to put this in metadata and
reference it in the request, though.

> *	There is no processing defined for such attributes, so in addition to
> defining the attributes and values, we also have to define (new) processing
> rules.

Well, not as such...but the rules are no different than any other
authz-related attributes. It's up to the application or a resource manager to
require them and enforce them.

> *	Existing implementations don't have the means to understand and
> process these attributes, and probably can't be configured to do so. These
> changes require code modification.

Only if your implementation has no support for authz based on attributes. I
would assume that's pretty rare.

-- Scott




