[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploade d
I didn't think to look back at earlier drafts before posting my message earlier today, but did so subsequently. -02, e.g., makes the statement "Means shall be specified enabling the authentication authority to obtain explicit confirmation by the principal before a federation is established." The intent was that a means to obtain consent must be available, not to mandate that the authentication authority (acting according to its policy) must invoke that means on every federation instance. --jl -----Original Message----- From: Scott Cantor [mailto:cantor.2@osu.edu] Sent: Wednesday, October 29, 2003 10:58 AM To: Linn, John; 'Beach, Michael C'; security-services@lists.oasis-open.org Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploade d > [JL] I don't believe that the requirements text as drafted > actually mandates per-instance explicit user consent. > Rather, lines 155-157 of nameid-06 > state: "... no federation shall be established without > approval by the principal's authentication authority, which > is relied upon to act in accordance with a policy accepted by > the principal, unless the deployment specifically obviates > the need for such privacy considerations." Heh, well, that's because my last draft tweaked the text to say that. ;-) The original text was explicit about requiring user consent. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]