OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] SAML newbie question - do cross IdP trusts exist in SAML?


> Yes, agree. In Kerberos there is the notion of proxy-as-self
> (impersonation), where I could get another entity to request services on my
> behalf. I believe this was designed to overcome some delegation-related
> hurdles. I'm not sure if impersonation would be acceptable for SPs and IdPs
> (especially for value transactions).

SAML doesn't define an explicit protocol for impersonation because
authentication is out of scope already. If you ask for an assertion about
somebody other than the authenticated identity, that's left to policy.

-- Scott



