[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] FW: [saml-dev] Constrained delegation
> They largely boil down to questioning alternate > interpretations of the syntax (allowing for Ron's point about > the language used to describe what it is that we mean here). Yeah, to add some additional input, I would say that anytime an assertion is generated for a party that allows that party to use that assertion to establish a session at a relying party on behalf of a subject is, by definition, delegation. If this needs clarification, then we should clarify the parts of the spec that aren't clear. I'm not sure we need anything special in the assertion to identify this. I would be interested in understanding an interpretation of the specs that lets an assertion generated for party A to use at party B with a subject that is not party A be anything other than delegation (of the right to represent the subject to party A when interacting with Party B). Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]