RE: [security-services] Comments on SAML 2.0 Core draft-19...

["Conor P. Cahill" <concahill@aol.com>]

Nick Ragouzis wrote on 8/10/2004, 9:45 AM:

 > +0 (whatever experienced implementers think), ...
 >
 > ... but consider that verbosity (less-of) is not the only
 > criteria in a case such as this, where user interfaces
 > are concerned.

Actually, verbosity is a significant issue with the
AuthNRequest, but yes, it isn't the only issue.

 > Here the schema is also conveying a sense of the "default"
 > user interaction principles ... and those follow interaction
 > design practices that no unbeckoned presentations suddenly
 > appear [1].

I disagree.  The schema should represent typical usage and
not anything about UI principals.

 > I'd say that in the security context this user interface
 > aspect extends to all services cooperating in a consistent,
 > integral, presentation. Which imposes a default of: don't
 > interpose yourself (IdP/ECP) unless I specifically say you
 > may (and by which I am indicating that I have already given
 > the user the proper indications and am committing to follow
 > up 'your' interactions appropriately).

Again, I disagree.  Even from a security context, having the
default be that when the SP queries the IDP and the IdP can't
ask the user about it, you're potentially opening at least a
privacy hole.

The majority of the time, when an SP says to the IdP, Hey,
I need you to give me an authentication assertion, the SP
will want the IdP to interact with the user so that the
IdP can query the user for credentials, if necessary.

If the SP doesn't want the interaction, it should positively
indicate it as such because there are privacy considerations
involved in probing for access without interacting with a
user.

Conor