edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] RequestedAttribute "in the field"

From: Ian Young <ian AT iay.org.uk>
To: Andy Bennett <andyjpb AT knodium.com>
Cc: edugain-discuss AT geant.net
Subject: Re: [eduGAIN-discuss] RequestedAttribute "in the field"
Date: Tue, 17 Jun 2014 08:45:34 +0100
Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT iay.org.uk
List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On 16 Jun 2014, at 13:38, Andy Bennett <andyjpb AT knodium.com> wrote:

> Finally, I think RAs *could* work for us is there was a agreement about
> what the "required" attribute does.

This is what the spec says about isRequired:

> Optional XML attribute indicates if the service requires the corresponding
> SAML attribute in order
> to function at all (as opposed to merely finding an attribute useful or
> desirable).

That seems very clear to me; I don't see much room there for disagreement
about the meaning.

The usual problem we run into with isRequired is that it isn't possible to
say that you require "either A or B". This comes up if you support both SAML
1 and SAML 2, of course, because ePTI is expressed as a different attribute
in the two protocols. There was some interesting discussion about
meta-attributes at the last REFEDS meeting which might help with that in the
longer term.

-- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Re: [eduGAIN-discuss] RequestedAttribute "in the field", Peter Schober, 16-Jun-2014
- Re: [eduGAIN-discuss] RequestedAttribute "in the field", Andy Bennett, 16-Jun-2014
  - Re: [eduGAIN-discuss] RequestedAttribute "in the field", Ian Young, 06/17/2014
    - Re: [eduGAIN-discuss] RequestedAttribute "in the field", Ian Young, 17-Jun-2014