security-services message

Subject: RE: Comments on draft-sstc-solution-profile-kerberos-01.pdf

From: "John Hughes" <john.hughes@entegrity.com>
To: "Scott Cantor" <cantor.2@osu.edu>, "'SAML'" <security-services@lists.oasis-open.org>
Date: Tue, 13 Jan 2004 17:17:04 -0000

Scott,

I understand the notion of the bearer assertion - however not clear to me
how we would request/generate the bearer assertion (at least in the uses
case the proposed describes)


John



> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: 13 January 2004 17:05
> To: 'John Hughes'; 'SAML'
> Subject: RE: Comments on draft-sstc-solution-profile-kerberos-01.pdf
>
>
> > In any case the proposal also suggests that the SAML protocol
> is extended
> so
> > that distinct messages are supported to request an Assertion - or an
> > Artifact reference
>
> Yes, and to the extent that I'm "objecting", which is a little strong,
> that's what I'm objecting to. We wouldn't be likely to do this in the case
> of the browser-based AuthnRequest, so I don't see how it applies here
> either. I'm trying to suggest that they are the same use case
> leading to the
> same result, a bearer assertion. Just different protocol bindings
> for SAML.
>
> -- Scott

Follow-Ups:
- RE: Comments on draft-sstc-solution-profile-kerberos-01.pdf
  - From: Scott Cantor <cantor.2@osu.edu>

References:
- RE: Comments on draft-sstc-solution-profile-kerberos-01.pdf
  - From: Scott Cantor <cantor.2@osu.edu>