[OGSA-AUTHZ] VO SAML Attribute Profile
David Chadwick
d.w.chadwick at kent.ac.uk
Thu Jan 17 12:02:10 CST 2008
Chad La Joie wrote:
>
> The biggest thing was the havoc it caused with other SAML software. A
> mistake that we've made numerous times in Shibboleth is assuming that
> other implementors aren't taking shortcuts. In this case, we assumed
> that because an AttributeValue could, in theory, contain any type of
> complex data implementations would either provide a way of handling such
> data or provide a good way for applications to get at the unaltered
> data.
This is in fact a symptom of a much larger common problem (which
originated with LDAP), which is, encoding type information into the
value field, instead of creating a new type or sub-type.
regards
David
> Neither proved to be true. Most SAML implementations can only
> really support strings and will totally ignore any type indicator, some
> (ADFS) will even error out in some cases if you send it more complex data.
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
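
The interoperability problem discussed in this thread, as an added example that is not part of the original message or of any project's code: a SAML 2.0 attribute with one plain and one complex AttributeValue, read first by a strings-only consumer that ignores xsi:type and then by one that resolves the type and passes complex values through unaltered. The ex: namespace, GroupRoleType and the attribute Name are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XS = "http://www.w3.org/2001/XMLSchema"

# Constructed sample: the ex: namespace, GroupRoleType and the attribute Name
# are made up for illustration.
SAMPLE = (
    f'<saml:Attribute xmlns:saml="{SAML}" xmlns:xsi="{XSI}" xmlns:xs="{XS}"'
    ' xmlns:ex="urn:example:vo" Name="urn:example:vo:membership">'
    '<saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue>'
    '<saml:AttributeValue xsi:type="ex:GroupRoleType">'
    '<ex:Group>/vo/physics</ex:Group><ex:Role>admin</ex:Role>'
    '</saml:AttributeValue></saml:Attribute>'
)

def flatten_values(xml_text):
    """Strings-only consumer: ignores xsi:type and concatenates all text."""
    root = ET.fromstring(xml_text)
    return ["".join(v.itertext()).strip()
            for v in root.iter(f"{{{SAML}}}AttributeValue")]

def typed_values(xml_text):
    """Type-aware consumer: resolves xsi:type, keeps complex values intact."""
    ns, out = {}, []  # flat prefix map; enough when prefixes are not rebound
    stream = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(stream, events=("start-ns", "end")):
        if event == "start-ns":
            ns[item[0]] = item[1]
            continue
        if item.tag != f"{{{SAML}}}AttributeValue":
            continue
        qname = item.get(f"{{{XSI}}}type")
        resolved = None
        if qname:
            prefix, _, local = qname.rpartition(":")
            resolved = (ns.get(prefix), local)
        if len(item) == 0 and resolved in (None, (XS, "string")):
            out.append(("string", item.text or ""))
        else:  # hand the application the unaltered element, never a guess
            out.append(("opaque", resolved, ET.tostring(item, encoding="unicode")))
    return out

if __name__ == "__main__":
    print(flatten_values(SAMPLE))
    for value in typed_values(SAMPLE):
        print(value)
```

The flattened result runs the group and role together into a single string, which is the kind of silent data loss an authorization decision should not be built on.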