[mdx] GH issue 3: lookup based on entity attributes
Ian Young
ian at iay.org.uk
Wed Nov 27 09:20:21 PST 2013
On 27 Nov 2013, at 17:08, Tom Scavo <trscavo at gmail.com> wrote:
> On Wed, Nov 27, 2013 at 10:45 AM, Ian Young <ian at iay.org.uk> wrote:
>>
>> The usual question needs to be: is there a near-term, concrete use case for this ability, or does having the responder assign an identifier to an arbitrary collection suffice for the moment?
>
> I don't understand. If only (3) is supported, how will a responder
> know when the ID is an entityID or the value of an entity attribute?
> Seems like case (2) (at least) is needed.
What I had in mind was that the responder would assign an identifier to cover the collection of entities with some particular characteristic. So, the collection of entities which met the condition "SAML entity attribute X contains value Y, and also supports SAML 2 but not SAML 1" could be given the identifier "foo". Then, a query for the identifier "foo" would return that collection of entities.
Obviously the responder would want to pick identifiers that weren't likely to be used by entities, but that's a consequence of treating groups and individual entities as the same thing, which has always been the way this protocol has been defined. It's not unchangeable (for example one could query for group identifiers at a different path under the base URL) but it would complicate things a little.
-- Ian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5943 bytes
Desc: not available
URL: <http://lists.iay.org.uk/pipermail/mdx-iay.org.uk/attachments/20131127/95a93fa0/attachment.bin>
More information about the mdx
mailing list