[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Comments on SAML 2.0 Core draft-19...
Nick Ragouzis wrote on 8/10/2004, 9:45 AM: > +0 (whatever experienced implementers think), ... > > ... but consider that verbosity (less-of) is not the only > criteria in a case such as this, where user interfaces > are concerned. Actually, verbosity is a significant issue with the AuthNRequest, but yes, it isn't the only issue. > Here the schema is also conveying a sense of the "default" > user interaction principles ... and those follow interaction > design practices that no unbeckoned presentations suddenly > appear [1]. I disagree. The schema should represent typical usage and not anything about UI principals. > I'd say that in the security context this user interface > aspect extends to all services cooperating in a consistent, > integral, presentation. Which imposes a default of: don't > interpose yourself (IdP/ECP) unless I specifically say you > may (and by which I am indicating that I have already given > the user the proper indications and am committing to follow > up 'your' interactions appropriately). Again, I disagree. Even from a security context, having the default be that when the SP queries the IDP and the IdP can't ask the user about it, you're potentially opening at least a privacy hole. The majority of the time, when an SP says to the IdP, Hey, I need you to give me an authentication assertion, the SP will want the IdP to interact with the user so that the IdP can query the user for credentials, if necessary. If the SP doesn't want the interaction, it should positively indicate it as such because there are privacy considerations involved in probing for access without interacting with a user. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]