[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] SAML deployments that use consent step?
Seems to me that the answer to my original question ranges between
'some' & 'most'..... Maybe we need a survey :-) Scott Cantor wrote: Phil Hunt wrote on 2009-11-09:It may also be useful for the RP to state a purpose for use. Such as we suggested with igf privacy constraints.I certainly don't mean to imply that there aren't important bits missing now.That supports Scott's assertion that it is still the IDP that evaluates consent.As Conor said, I think the best way to think of that feature is that it's best used if the IdP is really and truly outsourcing consent, and wants the audit trail. But it's not clear in general that the spec is explicit about what consent is being given to do, so that makes it fairly questionable. -- Scott --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]