An open discussion list for topics related to the eduGAIN interfederation service.

[Leif Johansson <leifj AT sunet.se>]

On 2014-10-29 18:55, Peter Schober wrote:
> * Leif Johansson <leifj AT sunet.se> [2014-10-29 18:39]:
>> So just to be clear about this: entity categories can't solve all issues
>> with attribute release wo something like requiredattributes
> s/requiredattributes/requestedattributes/ right?
>> since entity categories typically don't let the SP fulfil the
>> minimality requirements.
>>
>> The R&S category is an example of this: you have to signal both
>> R&S *and* the list of attributes it needs.
> 
> Well, yes and no. Yes in that section 5 of REDEDS R&S talks about SPs
> requesting attributes. I've also interpreted the spec this way,
> https://wiki.univie.ac.at/display/federation/Service+Categories
> 
> No in the sense that REFEDS R&S defines a minimal subset, so an IDP
> cannot claim to support REFEDS R&S if it doesn't release those. From
> that follows that those don't actually need to be requested in SAML
> metadata: If the IDP doesn't deliver, it doesn't support REFEDS R&S.
> 
> I agree that REFEDS R&S was designed to work without relying on
> isRequired, but one could claim that it does work just fine without
> RequestedAttribute in SAML metadata, at least for the mininum subset.
> -peter
> 

This isn't about what the IDP can deliver but what the SP needs.

My understanding is that an SP can be in R&S and only need email. In
that case it can't request displayName and the IDP can't deliver it.

        Cheers Leif