Refeds


Subject Re: Fwd: [refeds-attribute-release] some (personal) comments on proposed REFEDS R&S definition
From Tom Scavo <trscavo@xxxxxxxxxxxxx>
Date Tue, 28 Oct 2014 16:37:52 -0400

On Tue, Oct 28, 2014 at 11:57 AM, Nicole Harris <harris@xxxxxxxxxx> wrote:
>
>> If an SP receives BOTH values, how would it know whether or not the
>> Asserting IDP might re-assign EPPN values ? Should we suggest an
>> algorithm to SP operators to help decide which value to use ?
>
> I think it is clear that EPPN should only be released if it is not
> reassigned.

No, that's not what the spec says (or at least that's not the intent).
Disregarding what the SP wants, the IdP *always* releases ePPN. If the
ePPN is reassigned, then ePTID MUST be released *in addition to ePPN*.

Tom