
subject-id-guidance-wg - Re: Asynchronous work - IDP guidance

Subject: InCommon SAML Subject Identifiers Deployment Guidance Working Group


Re: Asynchronous work - IDP guidance


  • From: "Morgan, Andrew J" <>
  • To: "Jones, Mark B" <>, IAM David Bantz <>, "" <>
  • Subject: Re: Asynchronous work - IDP guidance
  • Date: Sat, 24 Aug 2024 04:16:20 +0000

That is correct - EPPN values are not suitable for subject-id values.

What guidance do we give to IDP operators that are currently releasing EPPN?  Assume they have already determined the value to release for subject-id.  Should they stop releasing EPPN and release subject-id instead or should there be a period of overlap when both values are released?  What about the access entity categories?

This discussion is not about migrating EPPN values into subject-id.  It is about how to start using subject-id and stop using EPPN and other identifiers.

Thanks,
Andy


From: Jones, Mark B <>
Sent: Friday, August 23, 2024 4:44 PM
To: IAM David Bantz <>; Morgan, Andrew J <>; <>
Subject: Re: Asynchronous work - IDP guidance
 


+1

From: <> on behalf of IAM David Bantz <>
Sent: Friday, August 23, 2024 6:28 PM
To: Morgan, Andrew J <>
Cc: <>
Subject: Re: Asynchronous work - IDP guidance
 

I was surprised to read discussion of migration strategy from eduPersonPrincipalName to samlSubjectID.

My impression is that ePPN is generally name-based, thus not really persistent, thus inappropriate for samlSubjectID. 

David




On Fri, Aug 23, 2024 at 9:06 AM Morgan, Andrew J <> wrote:
Hi everyone,

During today's meeting, we started discussing implementation guidance for IDPs.  Please read the meeting notes (https://docs.google.com/document/d/1YINTg3Tvjdmx_2HpNs4pdFmL3iHYXGKZBefRxDm3QQ4/edit#heading=h.mrl26y9cootl) and help us develop actual positions and guidance on this topic.  For now, put this at the end of the working document (https://docs.google.com/document/d/1EOVPkPjCs0W6jGFrPwOq6_KMeACma__9WJ71CEeVfYU/edit) under the "Things to Ponder" heading.

See you next week!

Thanks,
Andy


