Restricting Trusted Attributes from Federated IDPs
Registered by
Kristy Siu
Only certain identity providers should be trusted to issue certain attributes, for example, a University might be able to issue a student number, but not a credit card number. In order to enforce this, we propose an API to allow administrators to set an issuing policy for an Identity Provider which denotes which attributes can be issued. Any attributes which violate the policy will be discarded before any attribute mapping takes place.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Not
- Drafter:
- Kristy Siu
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- Morgan Fainberg
Related branches
Related bugs
Sprints
Whiteboard
""
(?)
Work Items
Dependency tree
* Blueprints in grey have been implemented.
