The definition of principal
Cantor, Scott
cantor.2 at osu.edu
Fri Sep 26 12:18:35 EDT 2014
On 9/26/14, 12:13 PM, "Eric Goodman" <Eric.Goodman at ucop.edu> wrote:
>
>When dealing with vendors who insist on receiving identifiers in the
>NameID portion of the assertion, we¹ve taken to using the URN of the
>attribute that¹s being populated as the NameID format. That is, we use
>the URN that the value would have had if we were able to pass the value
>as an attribute.
That's the profile I defined to address that use case. Note, Mike's the
vendor here, the SP. He's asking about an IdP that apparently claims to
want to do this.
>
>It¹s extremely one-off, but as Scott notes, the pre-defined NameID
>formats match the identifiers we¹re using, so neither is it correct to
>use any existing values, so we¹re doomed to dealing with things one-off
>with such vendors anyway. At least using the URN lets *us* easily see
>what the custom value semantics are, and we can use it consistently
>across vendors.
It's not a one-off in that sense, you're following a profile, clearly
identifying the format with a standard value that has general
applicability, and not lying about the data.
The one-off aspect is that every vendor probably wants a different one.
-- Scott
More information about the users
mailing list