[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Re: Proposed Agenda for SSTC Conference Call (Tue 21 Sept 2010)
> Some of the restrictions have been placed on Federico's company by their > vendor, due to limitations of the IdP implementation. It was more > comfortable sending two separate assertions. It also more simple for > them to implement the issuance of SAML assertions that are generally > usable at a number of services, rather than issuance of specific > assertions for every application, because the IdP requires less > knowledge of the business services. It's also nice to decouple business > policies from the actual technical implementation. Just for clarification in subsequent discussions, none of those arguments applies to the delegation condition. The only thing the delegation document does is define how to express that a delegate is acting on behalf of the assertion subject. It says nothing about how the assertion(s) get issued, by who, how many services they're usable with, who knows about what business processes, etc. That's all separate matter addressed by other profiles. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]