

Subject: RE: [saml-dev] One Question about users in InterOp Scenario


For the purposes of the demo, the intention is that access control decisions be based on the MemberLevel attribute, not on the username. This corresponds to best practice in a large-scale environment, where managing tens of thousands of users as individuals is infeasible.
 
However, the Assertion does contain the username, so there is nothing to prevent a Destination site from using this information in some way. This is consistent with the SAML philosophy, in which Asserting Parties tell what they know and Relying Parties use it as they wish.
 
Hal 
-----Original Message-----
From: Ignasi Ripoll [mailto:ignasi@wanadoo.es]
Sent: Wednesday, June 05, 2002 1:52 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] One Question about users in InterOp Scenario

Users Joe, Ravi and Alice are known to the Origin Site (Portal), but are they known by the Destination Site (Content-Provider)?

In other words, must the identity of users be known to both partners in Scenario Artifact?

Thanks.
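
The approach described in the reply above, as an added example that is not part of the thread or of the InterOp demo code: a Destination site decides on the MemberLevel attribute and keeps the username only for its audit record. The sample assertion, the attribute namespace, the level values and the resource policy are constructed for illustration, and the assertion is assumed to have already been authenticated (issuer, signature or back channel, validity conditions) before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
ATTR_NS = "urn:example:interop"  # assumed attribute namespace, not from the thread

# Constructed SAML 1.x-shaped assertion; issuer, ID and values are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="example-id"
    Issuer="portal.example" IssueInstant="2002-06-05T09:00:00Z">
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:NameIdentifier>Joe</saml:NameIdentifier>
    </saml:Subject>
    <saml:Attribute AttributeName="MemberLevel"
        AttributeNamespace="urn:example:interop">
      <saml:AttributeValue>gold</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical Destination-site policy: resource -> MemberLevel values allowed.
POLICY = {
    "/premium/report": {"gold", "platinum"},
    "/basic/news": {"silver", "gold", "platinum"},
}

def read_assertion(xml_text):
    """Return (username, set of MemberLevel values) from the assertion."""
    root = ET.fromstring(xml_text)
    name = root.findtext(".//saml:Subject/saml:NameIdentifier", namespaces=NS)
    levels = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Match on both name and namespace so a same-named attribute
        # from another vocabulary is not mistaken for MemberLevel.
        if (attr.get("AttributeName") == "MemberLevel"
                and attr.get("AttributeNamespace") == ATTR_NS):
            for value in attr.iterfind("saml:AttributeValue", NS):
                text = (value.text or "").strip()
                if text:
                    levels.add(text)
    return name, levels

def authorize(xml_text, resource):
    """Decide on MemberLevel only; the username is recorded, never consulted."""
    name, levels = read_assertion(xml_text)
    # Default deny: unknown resources and assertions without MemberLevel fail.
    allowed = bool(levels & POLICY.get(resource, set()))
    return {"allowed": allowed, "audit_subject": name, "levels": sorted(levels)}
```

The Destination site needs no local account for Joe: a request is refused when the attribute is missing even though the username is present.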
 

