Subject: RE: [saml-dev] SAML, trust and WS.

It seems I kicked off some great discussion on this,
and it also looks like there are a lot of people interested in this.

For my sake I would like to recap this and see if I got it right.

SAML provides capability for SSO and Delegation (via specific elements
in the assertion).
SAML DOESN'T provide the capability (in a standard way - through
profiles) for an SP to query or ask for one Assertion or the other. (The
only assertion currently supported in the profiles is the SSO one.)

The important bit which I'm not too sure about is the following:
the only difference between the two assertions is really the Subject
confirmation bit (in the delegation case we need a holder of key or
sender vouches).
And the difference at the profile level is the capability to specify the
assertion required.

This might be too simplistic, but is this correct? What other
things are missing?


