Subject Re: VO challenges - article
From Paul Caskey <pcaskey@xxxxxxxxxxxxx>
Date Tue, 27 Oct 2015 16:33:29 +0000

I agree with that, but would just point out that many IdPs fail to release attributes not because they are recalcitrant, lazy, or anything else, but because the culture common to many institutions (and CIOs) is that taking the risk of automated release (managed by a party that is legally blameless) is not justified by the benefits.

So, continuing to whine to IT folks about the attribute release problem isn’t going to fix it IMHO.  We need to address the risk/reward argument and drive the conversation in other administrative areas of the institution (registrars, HR, etc).

On 10/27/15, 10:39 AM, "trscavo@xxxxxxxxx on behalf of Tom Scavo" <trscavo@xxxxxxxxx on behalf of trscavo@xxxxxxxxxxxxx> wrote:

>On Tue, Oct 27, 2015 at 10:04 AM, Cantor, Scott <cantor.2@xxxxxxx> wrote:
>> IdP has a broader functional scope in SAML than just authentication. Once you have a proxy IdP that's doing all the real work of attributes and provisioning and so forth, the small bit left is easy to replace with a commodity.
>I think what you're saying (and I strongly agree) is that the
>authentication providers will wither while the attribute providers
>will flourish.