RE: [saml-dev] when in doubt, read the spec...

["Cahill, Conor P" <conor.p.cahill@intel.com>]

> > ...the confusing comes in for most people because the 
> presentation of 
> > this token in an SSO type profile usually results in the 
> bypass of an 
> > authentication step at the relying party...
> 
> all due respect, but isn't "the bypass of an authentication step" 
> the whole purpose of SSO by definition? surely, that's what 
> the "single" refers to in "SSO". no?

Yes that is the case.  That is also why people consider this
an "authentication".  I personally don't, I'm just trying to
explain why some do.

> > ...because you  are presenting some form of credential to 
> an entity...
> 
> i hate to be pedantic, but does the saml spec refer to an 
> assertion as a credential? my understanding is that an 
> assertion is a "claim" or "statement". i take my 
> understanding of what an assertion is (and what it is not) 
> from the spec. for instance:

I don't think you hate it all that much :-).  

My use of the term "credential" is not out of the SAML spec,
but just plain english. That is, IMHO (not that many people
believe I can be H), a good description of what the SAML
token is in such a sequence.
 
Conor