Issue with saved personal identity numbers for BankID IdP:s about technical-framework HOT 5 CLOSED

It seems more appropriate and generic if the SP provides known information about the user to the IdP at each instance, rather than the IdP trying to store it in session cookies. Adding such information as optional request data seems appropriate. It does necessarily mean that storing data in cookies is bad och should be banned, but would be overridden by data provided in the the request.

from technical-framework.

One alternative to defining a new extension for this purpose is to pass the Subject element in the AuthnRequest and there make use of the SPProvidedID. Section 2.2.2 of SAML-core states:

A name identifier established by a service provider or affiliation of providers for the entity, if
different from the primary name identifier given in the content of the element. This attribute
provides a means of integrating the use of SAML with existing identifiers already in use by a
service provider. For example, an existing identifier can be "attached" to the entity using the Name
Identifier Management protocol defined in Section 3.6.

This may not be as generic as an own datatype, but on the upside we don't have to define an extension of our own.

from technical-framework.

A new resolution to this issue has been included in the last pull request.

from technical-framework.

This will not make it into the June 2018 release.

from technical-framework.

PR #70, which is merged into the master branch now presents a draft for an AuthnRequest extension - Principal Selection in SAML Authentication Requests.

from technical-framework.