Subject: RE: [security-services] Editorial Update to Section 3.3 of conformance
> - I was thinking that Obtained is a super class
> (generalization) of Prior, Implicit, and Explicit? But this
> isn't a conformance question rather a spec interpretation.

Yes, it's a superset.

> - It is not clear if consent can be obtained generally for
> SAML 2.0 usage (i.e., is that sufficient), or do your
> comments apply to every requesting protocol (i.e., you need
> to have a way to obtain consent for authn request, for
> logout, for fed id termination, for name id mapping, etc...).
> Sounds like consent has to apply to all requesting protocols,
> therefore, a conformant implementation has to be able to ask
> for consent each time.

It's per message, but I think you're missing the point here (both of you). The SAML 2.0 implementation's job is not to ask for consent, but to reflect whether consent was obtained. If your implementation wants to directly interact with the user to do that, that's up to you, but a conforming implementation just needs a per-request knob to indicate the value to use. Which might be set at deploy-time to "unspecified"/omit.

-- Scott
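The per-request knob described in the reply above, sketched as an added example that is not part of the original message or of any SAML product. The `DEPLOY_CONSENT` table, `build_request` and `effective_consent` are hypothetical names; the message elements and consent identifiers are the ones defined by SAML 2.0 core, and the receiver treats a missing `Consent` attribute as `unspecified`.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
CONSENT_PREFIX = "urn:oasis:names:tc:SAML:2.0:consent:"
# Consent identifiers defined by SAML 2.0 core.
CONSENT_VALUES = {"unspecified", "obtained", "prior", "current-implicit",
                  "current-explicit", "unavailable", "inapplicable"}

# Hypothetical deploy-time settings: one knob per requesting protocol message.
# None means "omit the attribute entirely".
DEPLOY_CONSENT = {
    "AuthnRequest": "current-explicit",
    "LogoutRequest": "obtained",
    "ManageNameIDRequest": None,
    "NameIDMappingRequest": "unspecified",
}

_DEPLOY_DEFAULT = object()  # sentinel: caller did not override the knob


def build_request(message_type, request_id, issue_instant, consent=_DEPLOY_DEFAULT):
    """Serialize a bare SAML request that reflects (never asks for) consent."""
    if consent is _DEPLOY_DEFAULT:
        consent = DEPLOY_CONSENT.get(message_type)
    attrs = {"ID": request_id, "Version": "2.0", "IssueInstant": issue_instant}
    if consent is not None:
        if consent not in CONSENT_VALUES:
            raise ValueError(f"not a SAML 2.0 consent identifier: {consent!r}")
        attrs["Consent"] = CONSENT_PREFIX + consent
    return ET.tostring(ET.Element(f"{{{SAMLP}}}{message_type}", attrs))


def effective_consent(xml_bytes):
    """Receiver side: an absent Consent attribute means 'unspecified'."""
    root = ET.fromstring(xml_bytes)
    return root.get("Consent", CONSENT_PREFIX + "unspecified")


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for mtype in DEPLOY_CONSENT:
        msg = build_request(mtype, "_example-id", "2024-01-01T00:00:00Z")
        print(mtype, "->", effective_consent(msg))
```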