entity descriptors from multiple registrars

Cantor, Scott cantor.2 at osu.edu
Wed Sep 17 12:13:21 EDT 2014


On 9/17/14, 11:58 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
>
>I definitely have use cases: two NSF-funded R&S SPs where the NSF
>dollars are intended to be used for US research, exclusively. My need
>is real and immediate. Without a solution, extending our local
>implementation of R&S to the international research community is
>essentially blocked.

Not sure I can map that statement to a specific thing the metadata is
meant to solve. It certainly doesn't tell you the country of origin of an
account holder to know who registered an IdP.

I'm against using metadata and the identity of an IdP for authorization of
users, both before and after interfederation. It's the attributes that
should matter. What these policy controls would hit would be for filtering
of attributes, or if the IdP just didn't pass muster operationally or
something like that.

-- Scott


