NameId question

Cantor, Scott cantor.2 at
Wed Feb 27 12:14:00 EST 2013

On 2/27/13 10:38 AM, "Brewer, Edward L" <lee.brewer at Vanderbilt.Edu> wrote:

>So the answer to that is yes, this attribute is only for this particular
>relying party.  So what I am missing... and does it matter if I am only
>releasing this attribute to one relying party

The point of targeted is that by design the value's not meant to be shared
with a different relying party. A fixed userid is never something that
strictly speaking can meet that definition, although in practice if you
simply stipulate that you view the whole world as one common audience,
it's "targeted" to that audience.

>Question two,  "... and I don't know what specifically you're doing.."
>concerning use of one nameIDFormatPrecedence attribute.
>For this one I was attempting to only use the one nameID for this relying
>party so I assumed that I should only put in what I am looking for.

I don't know why that would not have worked.

>Question three, " The DenyValueRule requires an IdP that's not historic,
>I am using IdP 2.3.6... is that cool?


-- Scott

More information about the users mailing list