interfed - Re: [inc-interfed] attribute release from the EU .....

Subject: Interfederation

  • From: Scott Koranda <>
  • To:
  • Subject: Re: [inc-interfed] attribute release from the EU .....
  • Date: Sat, 8 Jun 2013 16:37:51 -0500
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=pass (signature verified)

Hi,

On Sat, Jun 8, 2013 at 12:09 PM, Cantor, Scott wrote:
> On 6/8/13 5:45 AM, "Scott Koranda" wrote:
>>
>>It has been an issue to some extent. Cardiff is only releasing an
>>opaque ePPN instead of an ePPN that identifies the user.
>
> EPPN doesn't require non-opacity, though.

I understand.

I am looking for a shortcut to bridge until I have the
application-side work done and COmanage in place doing everything I
need it to do.

> We don't have any actual
> identifiers that do, including (though far less likely) email addresses.
>
>>I have plans to "fix" this problem using COmanage to enroll the user,
>>consume proper identifiers self-asserted by the users, map them to the
>>opaque ePPN, and then make them available from a SAML attribute
>>authority. That work is ongoing.
>
> That seems like it opens you up to the problem of users socially spoofing
> other users. Perhaps you have a closed community and it's not a concern.
>

The enrollment flows we will use require approval and a verification
process that will prevent spoofing.

We have the ability to tightly bind what an IdP asserts about a user
to what our collaboration knows about a user.

Thanks,

Scott K


