Subject: RE: [security-services] Comment on sstc-saml-glossary-2.0 (also closes AI #0114)
Scott Cantor wrote on 3/12/2004, 5:36 PM:

> The SP can then participate in or ignore that relationship, but it
> never puts anything in an AuthnRequest that distinguishes between an
> existing one and a new one. I have not seen a need to make that
> distinction in the spec.

Assuming we're talking about the same thing (that the SP needs to be able to tell the IdP that it wants a new persistent relationship if one doesn't already exist) -- it is needed.

The SP needs to be able to represent such an option to handle the case where it has presented the user with an option to use their IDP identity at the SP (e.g. the Passport button on Ebay) which is a clear indication that the user wants the federation.

Of course, in such a case, the IdP can still confirm the federation with the user, but will, in the right circumstances, accept the SP's request without needing additional confirmation and create the new permanent relationship with the user.

Conor