Allowing sites to renew information

Barry Ferg barry at sxip.com
Tue Sep 26 23:21:54 UTC 2006


Good point David, I was referring to school of thought #1.  #2 should  
certainly be possible with AX as well.

On 26-Sep-06, at 3:58 PM, Recordon, David wrote:

> I think that is slightly different from what Gerv was referring to.
>
> With Simple Registration, there is nothing stopping a relying party  
> from
> requesting the email address with every authentication request.  Most
> implementations however don't seem to do this, rather only request  
> data
> if they don't have it.
>
> In a sense, I think there are two schools of thought:
> 1) IdP pushes new data to each RP
> 2) Each RP pulls new data in each authentication request
>
> In a sense, I think the IdP pushing data is more robust.  If you  
> update
> your email address in your IdP, I'd imagine it would have tracked what
> RPs you've given it to, and then offer to send the updated address to
> them.
>
> In the end though, I don't think this is something specifications will
> necessarily dictate.  Rather I'd hope to see the specs support both
> methods and then implementations choose what is best given their
> requirements.
>
> --David




More information about the specs mailing list