
security-services message



Subject: RE: [security-services] Re: Proposed Agenda for SSTC Conference Call (Tue 21 Sept 2010)


> Some of the restrictions have been placed on Federico's company by their
> vendor, due to limitations of the IdP implementation.  It was more
> comfortable sending two separate assertions.  It is also more simple for
> them to implement the issuance of SAML assertions that are generally
> usable at a number of services, rather than issuance of specific
> assertions for every application, because the IdP requires less
> knowledge of the business services.  It's also nice to decouple business
> policies from the actual technical implementation.

Just for clarification in subsequent discussions, none of those arguments
applies to the delegation condition. The only thing the delegation document
does is define how to express that a delegate is acting on behalf of the
assertion subject.

It says nothing about how the assertion(s) get issued, by whom, how many
services they're usable with, who knows about what business processes, etc.
That's all a separate matter addressed by other profiles.

-- Scott



