RE: [liberty-dev] Single sign-on and unique name identifiers


To <liberty-dev@emailprotection.org>
From “Conor hill” <conhill@aol.com>
Date Wed, 25 Sep 2002 12:30:17 -0400
Importance Normal
In-reply-to <FEEHKMILPNOMFDNDGBJEAECKCKAA.WotkRap@TrustEngineering.co.uk >
Reply-to liberty-dev@emailprotection.org
Sender liberty-dev-owner@emailprotection.org

> I read these rules as follows:
> 
>     The IDPProvidedNameIdentifier must be unique across all 
>     the federations the IdP knows about

This is not required by the spec.  

The same IdPProvidedNameIdentifier could be used for two 
different Principals at two different SPs (e.g. an IdP 
could assign me the ID 123 at SP1 and assign you the 
ID 123 at SP2).

In reality, I would expect that most IdPs will use some
form of GUID for each Pseudonym so that they don't have
to worry about collisions, but that isn't a requirement.

Conor
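The scoping described in this message, as an added example that is not part of the original post or of the Liberty specification: an IdP-side pseudonym table where an identifier only has to be unique within one SP, so every lookup is keyed by the (SP, identifier) pair. The class, method names, SP names and principals are hypothetical, and `uuid4` stands in for "some form of GUID".

```python
import uuid


class FederationStore:
    """Hypothetical IdP-side table of pseudonyms, keyed by (SP, name identifier)."""

    def __init__(self):
        self._by_scope = {}  # (sp_id, name_id) -> principal

    def federate(self, sp_id, principal, name_id=None):
        # Default: a fresh random GUID per federation, so the IdP does not
        # have to track collisions. A caller-supplied name_id models the
        # "ID 123" case from the message.
        if name_id is None:
            name_id = uuid.uuid4().hex
        key = (sp_id, name_id)
        if key in self._by_scope:
            # Uniqueness is enforced only inside one SP's scope.
            raise ValueError(f"{name_id!r} already in use at {sp_id}")
        self._by_scope[key] = principal
        return name_id

    def resolve(self, sp_id, name_id):
        # Scoped lookup: the SP is part of the key, so "123" is unambiguous.
        return self._by_scope.get((sp_id, name_id))

    def resolve_unscoped(self, name_id):
        # For comparison only: everything a lookup by identifier alone matches.
        return sorted(p for (_, n), p in self._by_scope.items() if n == name_id)


def demo():
    # Constructed sample data: two principals, two SPs, one shared identifier.
    store = FederationStore()
    store.federate("sp1.example", "alice", "123")
    store.federate("sp2.example", "bob", "123")  # same ID at another SP: allowed
    guid = store.federate("sp1.example", "bob")  # GUID-style pseudonym
    return store, guid


if __name__ == "__main__":
    store, guid = demo()
    print(store.resolve("sp1.example", "123"), store.resolve("sp2.example", "123"))
    print(store.resolve_unscoped("123"), guid)
```

A lookup that drops the SP from the key matches both principals for `123`, which is why the identifier cannot be treated as a global key unless the IdP chooses to make it one.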
