[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: AuthN and Credentials
Marlena said > Another (and to my mind, important!) variation, is an asserting party > making statements about the presenter of a token *without* mention of a > principal identity. > This might look as follows. > > "I am an employee of Outlook Technologies, Inc, and > I play the role of 'Software Architect', and > I am a member of the group 'San Francisco Office" > > This ability -- to have authorization attributes associated with a > requestor without the requestor's principal identity being > revealed -- is one of the key "use cases" in Shibboleth. > > I am very interested in seeing this type of assertion as part > of SAML It is definitely necessary for Shibboleth, but I believe > it will be useful outside the strict Shibboleth space as well. I just wanted to voice my support of this position. In the interest of "risk minimization" why expose authentication information (the principal's identity) when all that the receiving party is really interested in is the authorization attributes ? --
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC