[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: I changed my mind about eliminating the Web browser "Post" profil e
At the F2F I agreed to document my proposal to drop the Browser "Form Post" Profile. My reason was a hope we could avoid "Bearer" Assertions entirely. I have been convinced that Bearer Assertions will be required. I can live this providing: 1. They are clearly labled as such. (The current spec is almost there.) 2. They are only used in profiles where absolutely necessary. 3. Appropriate analysis is provided in Security Considerations. As a consequence, I now agree with Prateek that we should continue to develop both the "artifact" and the "Form Post" variants of the Browser profile. The issue of which one or both is mandatory to implement can be discussed later. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC