[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploade d
Scott Cantor wrote on 10/29/2003, 11:31 AM: > Subtle, but true. Question...does ID-FF in your mind address that > requirement? I'm not sure I'd claim that it has actually specified > such a means. No. ID-FF assumes that the IdP can perform this operation when it has control of the browser during a re-direct (just as it can request authentication credentials). There is a place where the SP can postiviely indicate that it has obtained consent from the user, but, in my opinion, this is less than valuable from a technological point of view. There was no real reason to require an on-the-wire protocol for this because the IdP always gets control of the user interface during the authentication/federation process and can implement whatever is appropriate for that user interface and their policies. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]