OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] SAML, trust and WS.

On 12/21/05, Alistair Young <alistair@smo.uhi.ac.uk> wrote:
> Scott's example is for SPa to request something from an IdP for another
> entity down the line.

AFAICT, the exchange between SPa and the IdP is to (1) bind SPa's key,
and (2) produce a NameID that SPb can use to query attributes.

> So the IdP has to keep generating transients.


> I don't like this. It's not "compact" enough for me. I just like the idea
> of each SP taking care of it's own requirements.

An SP can't just decide on its own to delegate.  The right to delegate
must be granted by the user (via the IdP).  An SP in the chain must be
bound to the chain by an entity preceding it in the chain.

> Tom - I'm not sure what you mean by the NameIdentifier issue.

Well, in the VLE/VSF scenario, tell me how a NameID is going to find
its way from the IdP to VFS.  More importantly, what are the
properties of this identifier?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]