Comment #6 on issue 28 by jmacau...@gmail.com: Security http://code.google.com/p/ogf-nsi-project/issues/detail?id=28 The SAML AttributeStatementType was proposed to carry not only the information you have shown above, but also a person's public key, sign-on token, etc. This would allow for common externalized authentication and authorization systems such as Shibboleth. If we go back to the simple Attribute definition then we will not longer have this flexibility for networks that would like to propagate end user credentials. I am open for changing it, but we need to get feedback from people deploying NSI in their networks. I have attached the ESnet proposal that resulted in the inclusion of the SAML AttributeStatementType. Attachments: NISAA.doc 101 KB