KantaraInitiative / SAMLprofiles

SAML interoperability and deployment profiles

(Response to Feedback Item 9) Identifiers/Lack of subject-id deployment maturity #83

Closed judielaine closed 6 years ago

judielaine commented 6 years ago

An interop profile is the perfect place to push new fixes. The problem we have today is because there is no good interop profile now. There is nothing we could write that does not involve new stuff, that would work.

ergood commented 6 years ago

(old) Proposed Response:

The problem we have today is because there is no good interoperability profile now. There is no existing practice we could document that would solve the issue this addresses. The profile as a whole is not about codifying common existing yet problematic practices. An interoperability profile is the perfect place to promote solutions to well understood problems.

judielaine commented 6 years ago

I think the response needs a bit more detail:

Proposed Response:

NameID, when used outside of a transient identifier, is broken at this time. It is true the response which resolves the issues is in its infancy; however, there is no other method for interop that avoids the issues with the existing NameID practices. And, while the subject-id attribute is new, no new software deployments are needed to implement the attribute: adopters can configure their IDPs and SPs to use the attribute as soon as they are ready to comply with this profile.

We do not believe an interop profile should codify existing practices when those practices have security issues. An interoperability profile is the perfect place to promote solutions to well understood problems.
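The proposed response above says SPs can consume the subject-id attribute with configuration alone. What that consumption has to check is worth seeing concretely, so here is an added example (not code from the SAMLprofiles repository or from either commenter) of the SP-side validation: the attribute must appear exactly once, be single-valued, match the `uniqueID@scope` grammar of the OASIS SAML Subject Identifier Attributes Profile, and carry a scope the asserting IdP is authorized for. The `AUTHORIZED` table, the issuer entity ID and the assertion built by `make_assertion` are all constructed for this illustration; in a real deployment the scope table comes from metadata, and the assertion's signature and Conditions are verified before any attribute is read.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SUBJECT_ID_NAME = "urn:oasis:names:tc:SAML:attribute:subject-id"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Value grammar per the OASIS Subject Identifier Attributes Profile:
# uniqueID "@" scope; uniqueID drawn from [A-Za-z0-9=-], scope a DNS-style
# domain name; each part at most 127 characters. Scope compares case-insensitively.
UNIQUE_ID_RE = re.compile(r"^[A-Za-z0-9=-]{1,127}$")
SCOPE_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,125}[A-Za-z0-9])?$")


def parse_subject_id(value):
    """Split a subject-id value into (uniqueID, scope); scope is lower-cased."""
    if value is None or value.count("@") != 1:
        raise ValueError("subject-id must contain exactly one '@'")
    unique_id, scope = value.split("@")
    if not UNIQUE_ID_RE.match(unique_id):
        raise ValueError("bad uniqueID in subject-id")
    if not SCOPE_RE.match(scope):
        raise ValueError("bad scope in subject-id")
    return unique_id, scope.lower()


def extract_subject_id(assertion_xml):
    """Return (issuer, uniqueID, scope) from one Assertion, or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    issuer_el = root.find(f"{{{SAML_NS}}}Issuer")
    if issuer_el is None or not (issuer_el.text or "").strip():
        raise ValueError("assertion has no Issuer")
    attrs = [a for a in root.iter(f"{{{SAML_NS}}}Attribute")
             if a.get("Name") == SUBJECT_ID_NAME]
    if len(attrs) != 1:
        raise ValueError("expected exactly one subject-id Attribute")
    values = attrs[0].findall(f"{{{SAML_NS}}}AttributeValue")
    if len(values) != 1:
        raise ValueError("subject-id is single-valued")
    unique_id, scope = parse_subject_id((values[0].text or "").strip())
    return issuer_el.text.strip(), unique_id, scope


def accept_subject_id(assertion_xml, authorized_scopes):
    """Return the canonical identifier only if the issuer may assert that scope.

    authorized_scopes maps issuer entity ID -> set of lower-cased scopes and is
    an assumed, out-of-band (e.g. metadata-derived) table.
    """
    issuer, unique_id, scope = extract_subject_id(assertion_xml)
    if scope not in authorized_scopes.get(issuer, frozenset()):
        raise PermissionError(f"{issuer} is not authorized to assert scope {scope}")
    return f"{unique_id}@{scope}"


def make_assertion(issuer, subject_id):
    """Constructed, unsigned sample assertion used only to exercise the checks."""
    return f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="{SUBJECT_ID_NAME}" NameFormat="{URI_NAME_FORMAT}">
      <saml:AttributeValue>{subject_id}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


# Assumed scope table: one hypothetical IdP allowed to assert one scope.
AUTHORIZED = {"https://idp.example.edu/idp": frozenset({"example.edu"})}

if __name__ == "__main__":
    good = make_assertion("https://idp.example.edu/idp", "abc123@Example.edu")
    print(accept_subject_id(good, AUTHORIZED))
    # An IdP asserting a scope it does not own is rejected, not silently mapped.
    spoof = make_assertion("https://idp.other.example/idp", "abc123@example.edu")
    try:
        accept_subject_id(spoof, AUTHORIZED)
    except PermissionError as e:
        print("rejected:", e)
```

The scope check is the part that replaces what NameID practice lacks: the identifier's namespace is explicit in the value, so the SP can refuse an IdP that asserts a scope belonging to someone else instead of trusting whatever opaque string arrives.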