[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [imi] Issue regarding AppliesTo content
> Scott, as you pointed out, your proposal is actually an instance of a more > general facility that would let a Relying Party provide a WS-SecurityPolicy > document via an object tag. I was under the impression that was already possible, but now that I look closer, I see it's the issuer's policy you can point to, not the RP's policy. I would agree, that's a problem. But my personal feeling is that WS-SecurityPolicy is too complex to catch on amongst the majority of RP sites. Having a way to expose some of the more critical features that would ordinarily require a policy document would be useful. > I'm sympathetic to this possibility (I know > that Microsoft and others have talked about implementing this at some > point), but I know of no implementations. Despite the capability being > well-motivated, I'm reluctant to introduce a new feature into this standard > until we have experience from existing practice to draw upon. That's what I'm doing. This issue came up almost immediately when we tried to implement the profile. It's sloppy, though common, design to conflate locations with names. Locations tend to change, and having to change policy every time something changes location renders the system rather unmanageable. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]