Subject: RE: [saml-dev] SAML 2.0 SPProvidedID
> The essence of the question is probably: if the IdP has to
> manage its own NameID and - if present - the SPProvidedID,
> then why isn't it possible to simply use the SPProvidedID
> when talking with the IdP.

Because then the SP can impose its key on the IdP. That's at least as bad as the opposite.

> Instead - as I read you - both, IdP and SP, have to manage
> both IDs - instead of only the IdP manages both IDs.

An SP never has to do anything because the feature is optional. Doing anything with the ID at all is optional, in fact, which is why transients exist. As a conformance matter, it's mandatory for software to enable the use of the secondary key, but as a practical matter no SP has to use it and it would be really cool if nobody did so we can deprecate it someday.

-- Scott