Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Assessment of Hong Kong/HKAF for eduGAIN membership

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Assessment of Hong Kong/HKAF for eduGAIN membership


Chronological Thread 
  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] Assessment of Hong Kong/HKAF for eduGAIN membership
  • Date: Thu, 12 Oct 2017 00:53:23 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Nick Roy <nroy AT internet2.edu> [2017-10-11 22:09]:
> Isn't persistent nameID a hashed triple of user ID, issuer entityID and
> audience entityID?

The SAML spec doesn't mandate you implement the user-specific part
that way (the other 2 parts are either implied/defaulted or included
as NameQualifier and SPNameQUalifier explicitly), but I don't see how
that's material, esp not for the conclusion you seem to be drawing
below from the way the opaque, service-specific pseudonym is being
generated.

> If so, by definition all implementations have to be able to support
> automatic generation.  It's not limited to Shibboleth.

If X is implemented by method M every SAML implementation has to be
able to support X? "By definition"?
I have no idea how the support for generating SAML spec-conformant
persistent NameIDs is across IDP implementations or whether all IDP
implememtations have full scripting support to make up for missing
features -- and this all seems quite a bit academic to me[1] -- but I
cannot follow the logic/argument here. (Not that this matters, of
course.)

-peter

[1] Note that much of thread is unreadable to me using a Mail User
Agent that's not a web browser ("large green bold font"? nope.)
so I have not made the effort of trying to untangle that mess of
quoting and HTML-only "semantics".



Archive powered by MHonArc 2.6.19.

Top of Page