OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] What is <ProxyRestriction>?


This was defined for the case where one IdP (IdP-A) was an SP in another IdP’s (IdP-B) circle of trust. When IdP-A receives an assertion (as an SP) from IdP-B, it can generate assertions for its own SPs (which also could be IdPs in their own world, so this could go on recursively forever).

 

The ProxyRestriction gives the original IdP (IdP-B in my example) a means of indicating its limits on this recursion.

 

Conor

 

From: Mike Tran [mailto:mttran@gmail.com]
Sent: Friday, February 13, 2009 9:33 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] What is <ProxyRestriction>?

 

As stated in the core, it's about "limitations that the asserting party imposes on relying parties that wish to subsequently act as asserting parties themselves and issue assertions of their own on the basis of the information contained in the original assertion".  What I'm a little vague on is what does it mean exactly for the relying party to create assertions based on the original assertion?  Can someone provide an example use case for this?  Thanks in advance.

 

-Mike
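
The check a proxying IdP (IdP-A in the reply above) would make before issuing its own assertion, as an added example that is not part of the original thread. It follows the `Count` and `<Audience>` semantics of `<ProxyRestriction>` in the SAML 2.0 core; the function name `proxy_decision`, the sample assertion and the example.org URLs are constructed for illustration, and signature validation is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: IdP-B allows IdP-A one further hop, and only to sp1.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:ProxyRestriction Count="1">
      <saml:Audience>https://sp1.example.org</saml:Audience>
    </saml:ProxyRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def proxy_decision(assertion_xml, target_sp):
    """Decide whether a proxy may issue a derived assertion to target_sp.

    Returns (allowed, count_for_derived_assertion, reason). The count is
    None when the upstream asserting party set no Count limit.
    Hypothetical helper; assumes the assertion was already verified.
    """
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall("saml:Conditions/saml:ProxyRestriction", NS)
    if not restrictions:
        return True, None, "no ProxyRestriction present"
    next_count = None
    # Treat every ProxyRestriction found as binding (conservative).
    for pr in restrictions:
        count = pr.get("Count")
        if count is not None:
            n = int(count)
            if n <= 0:
                return False, None, "Count=0: proxying forbidden"
            # The derived assertion must carry a Count at most one less.
            next_count = n - 1 if next_count is None else min(next_count, n - 1)
        audiences = [a.text.strip() for a in pr.findall("saml:Audience", NS) if a.text]
        # An empty Audience set places no limit on who may receive it.
        if audiences and target_sp not in audiences:
            return False, None, "target not in permitted Audience set"
    return True, next_count, "permitted"
```

With the sample, IdP-A may issue to sp1 but must put `Count="0"` in its own `<ProxyRestriction>`, so sp1 cannot proxy any further.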

 


