Versions Compared

Old Version 7

changes.mady.by.user Steven Carmody (brown.edu)

Saved on

compared with

New Version 8

changes.mady.by.user Steven Carmody (brown.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Note
titleCounterexample

The Google OpenID IdP (and other FICAM-certified social IdPs) asserts a Private Personal Identifier such as:

which maps well to EPTID since PPID is per-SP by definition. The problem with asserting PPID as-is is that the target SP is not apparent in the bare string. This is especially important in a gateway environment since the target SP is most definitely not the end SP.

Open question: Should the gateway convert PPID to EPTID, and if so, what should the SP entityID be?