Subject: RE: [saml-dev] One Question about users in InterOp Scenario
For the purposes of the demo, the intention is that access control decisions be
based on the MemberLevel attribute, not on the username. This corresponds to
best practice in a large-scale environment, where managing tens of thousands of
users as individuals is infeasible.
However, the Assertion does contain the username, so there is nothing to
prevent a Destination site from using this information in some way. This is
consistent with the SAML philosophy, in which Asserting Parties tell what they
know and Relying Parties use it as they wish.
Hal
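
An added example, not part of the original message or the InterOp demo code: a Destination-site check that decides on the MemberLevel attribute and keeps the username only for the audit record. The level names, resource paths, `urn:example:demo` namespace and sample assertion are constructed, and the assertion is assumed to have passed signature and validity checks before this code sees it.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed policy: level names and resource paths are hypothetical.
LEVEL_RANK = {"bronze": 1, "silver": 2, "gold": 3}
RESOURCE_MIN_LEVEL = {"/catalog": "bronze", "/reports": "silver", "/offers": "gold"}

# Constructed SAML 1.x attribute assertion, trimmed to what the policy reads.
SAMPLE_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed"
    Issuer="https://source.example">
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="MemberLevel" AttributeNamespace="urn:example:demo">
      <saml:AttributeValue>silver</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_assertion(assertion_xml):
    """Return (username, set of MemberLevel values) from an attribute assertion."""
    root = ET.fromstring(assertion_xml)
    path = f".//{SAML}Subject/{SAML}NameIdentifier"
    username = root.findtext(path, default="").strip()
    levels = set()
    for attr in root.iter(f"{SAML}Attribute"):
        if attr.get("AttributeName") == "MemberLevel":
            for value in attr.findall(f"{SAML}AttributeValue"):
                levels.add((value.text or "").strip().lower())
    return username, levels


def authorize(assertion_xml, resource):
    """Decide on MemberLevel only; return (allowed, audit_line)."""
    username, levels = read_assertion(assertion_xml)
    required = RESOURCE_MIN_LEVEL.get(resource)
    # Unknown level values rank 0; unknown resources are denied by default.
    best = max((LEVEL_RANK.get(level, 0) for level in levels), default=0)
    allowed = required is not None and best >= LEVEL_RANK[required]
    audit = f"user={username} levels={sorted(levels)} resource={resource} allowed={allowed}"
    return allowed, audit


if __name__ == "__main__":
    for res in ("/catalog", "/reports", "/offers", "/unlisted"):
        print(authorize(SAMPLE_ASSERTION, res)[1])
```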