entity descriptors from multiple registrars

Ian Young ian at iay.org.uk
Wed Sep 17 12:16:24 EDT 2014


On 17 Sep 2014, at 16:58, Tom Scavo <trscavo at gmail.com> wrote:

> I definitely have use cases: two NSF-funded R&S SPs where the NSF
> dollars are intended to be used for US research, exclusively.

It seems odd to use the registrar ID for this. You'd be saying, essentially, that any user authenticated by an IdP registered by InCommon was assumed to be engaged in "US research" (however that's defined) but that any user (even the same user) authenticated by an IdP registered by some other registrar was assumed not to be engaged in an eligible activity. That seems like conflating two concepts, particularly in the longer term.

I realise that you may feel there's nothing else available to represent the concept you want; I'm just saying this isn't what the registrationAuthority is supposed to be for at all.

	-- Ian



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5943 bytes
Desc: not available
Url : http://shibboleth.net/pipermail/users/attachments/20140917/d06281e4/attachment.bin 


More information about the users mailing list