Subject: Token profile issue with AppliesTo and AudienceRestriction
The SAML 2.0 token profile currently says:

If the request contains a <wsp:AppliesTo> element, then a <saml:AudienceRestriction> containing a <saml:Audience> element MUST be included with the value of that element.

As part of the review of the draft SAML 1.1 token profile, Arun Nanda commented:

“This is overkill IMO. If an IdP is an open IdP that issues ‘unscoped’ tokens for consumption by any RP, it should not be forced to encode an audience in the issued token just because the request included it. So, maybe SHOULD is preferred here…”

I tend to agree with Arun. I think we should make this change. That’s the language I’m using in the 1.1 profile. After discussion, I’ll file an issue about this too.

-- Mike
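An added example, not part of the original message or of the token profile: it contrasts an issuer that always copies the AppliesTo value into an AudienceRestriction (the MUST wording) with an open IdP that leaves the token unscoped, and shows how a relying party's audience check treats each. The function names, the `open_idp` flag, the WS-Trust 1.3 namespaces and the choice of the `wsa:Address` inside the endpoint reference as the audience value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SAML = "{%s}" % NS["saml"]

# Constructed sample request; the RP address is a placeholder.
SAMPLE_RST = f"""<wst:RequestSecurityToken
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="{NS['wsp']}" xmlns:wsa="{NS['wsa']}">
  <wsp:AppliesTo><wsa:EndpointReference>
    <wsa:Address>https://rp.example.org/app</wsa:Address>
  </wsa:EndpointReference></wsp:AppliesTo>
</wst:RequestSecurityToken>"""


def applies_to(rst_xml):
    """Return the AppliesTo address from a request, or None when absent."""
    scope = ET.fromstring(rst_xml).find("wsp:AppliesTo", NS)
    addr = scope.find(".//wsa:Address", NS) if scope is not None else None
    return addr.text.strip() if addr is not None and addr.text else None


def build_conditions(rst_xml, open_idp=False):
    """Issuer side. open_idp=False models the MUST wording; open_idp=True
    models an open IdP using the latitude SHOULD would allow (unscoped)."""
    cond = ET.Element(SAML + "Conditions")
    target = applies_to(rst_xml)
    if target and not open_idp:
        restriction = ET.SubElement(cond, SAML + "AudienceRestriction")
        ET.SubElement(restriction, SAML + "Audience").text = target
    return cond


def rp_accepts(cond, my_uri):
    """Relying-party side: each AudienceRestriction present must list my_uri.
    A token carrying none is unscoped and passes this check at any RP."""
    for restriction in cond.findall("saml:AudienceRestriction", NS):
        audiences = [a.text for a in restriction.findall("saml:Audience", NS)]
        if my_uri not in audiences:
            return False
    return True
```

With the scoped token, only the relying party named in the request passes the audience check; with the unscoped one, the check passes everywhere, so limiting where the token is honoured falls to other controls.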