IdPv3 and generating persistent NameID

Cantor, Scott cantor.2 at
Fri May 1 12:34:50 EDT 2015

On 5/1/15, 12:15 PM, "Mads Freek Petersen" <freek at> wrote:
>> On 01 May 2015, at 18:04, Cantor, Scott <cantor.2 at> wrote:
>> There’s no current proposal to remove it, but deprecating it now is a signal that we want to.
>That would make shib users unable to meet the obligations of eduGAIN:

That statement is badly formulated. It's recommending a bad practice, and all I see there is a requirement that consent logic be able to handle the fact that some of the data being passed might not be attributes, which does cause problems, but doesn't have to be addressed by sending it in both places.

If the requirement is for IdPs to support consent in some specific way, it should say that.

I don't see us removing the feature until we have a way to address NameID data in the consent step.

-- Scott

More information about the users mailing list