IdPv3 and generating persistent NameID
Cantor, Scott
cantor.2 at osu.edu
Fri May 1 12:34:50 EDT 2015
On 5/1/15, 12:15 PM, "Mads Freek Petersen" <freek at wayf.dk> wrote:
>
>> On 01 May 2015, at 18:04, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>> There’s no current proposal to remove it, but deprecating it now is a signal that we want to.
>
>That would make shib users unable to meet the obligations of eduGAIN:
That statement is badly formulated. It's recommending a bad practice, and all I see there is a requirement that consent logic be able to handle the fact that some of the data being passed might not be attributes, which does cause problems, but doesn't have to be addressed by sending it in both places.
If the requirement is for IdPs to support consent in some specific way, it should say that.
I don't see us removing the feature until we have a way to address NameID data in the consent step.
-- Scott
More information about the users
mailing list