Subject: Re: [saml-dev] SAML, trust and WS.
On 12/21/05, Alistair Young <alistair@smo.uhi.ac.uk> wrote:
>
> Scott's example is for SPa to request something from an IdP for another
> entity down the line.

AFAICT, the exchange between SPa and the IdP is to (1) bind SPa's key, and (2) produce a NameID that SPb can use to query attributes.

> So the IdP has to keep generating transients.

Indeed!

> I don't like this. It's not "compact" enough for me. I just like the idea
> of each SP taking care of its own requirements.

An SP can't just decide on its own to delegate. The right to delegate must be granted by the user (via the IdP). An SP in the chain must be bound to the chain by an entity preceding it in the chain.

> Tom - I'm not sure what you mean by the NameIdentifier issue.

Well, in the VLE/VSF scenario, tell me how a NameID is going to find its way from the IdP to VFS. More importantly, what are the properties of this identifier?

Tom