RE: [security-services] Comment on sstc-saml-glossary-2.0 (also closes AI #0114)

["Mishra, Prateek" <pmishra@netegrity.com>]

> [proposed-definition]
> An principal's identity is said to be federated between a pair (set) of
> providers when there is agreement between the providers on an identifier
> (or a class of identifiers) and a time-period during which the 
> identifier is to be used to refer to the principal.
> [/proposed-definition]


[Scott]
I think "identity" is a lot of things, not just a particular identifier, but
a "federated identifier" is, well, an identifier that should meet certain
defined properties.
[\Scott]

Notice I have not attempted any definition of identity here, merely
suggested that there is an aspect of identity that has to do with
federation; and this aspect is manifested as an identifier under certain
conditions.

[Scott]
Perhaps we need to split that up in the glossary and talk about identity
federation separately from "federated identifier", if we even have to define
the former at all.
[\Scott]

OK, I agree there may be other ways to go, BUT I don't believer we can avoid
defining identity federation in some form or the other in the specification.