OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-core message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Requirement for Isolated Request for Authorization Atributes


I think the point is that SAML will make no attempt to standardise the
contents of assertions like this.

 - irving -

> From: Philip Hallam-Baker [mailto:pbaker@verisign.com]
> Subject: RE: Requirement for Isolated Request for Authorization
> Atributes
> 
> OK maybe I should have said 'appears to be out of scope but 
> attempting to
> prevent a user from making such an assertion will require 
> specific effort'.
> 
> Phillip Hallam-Baker

> > From: Darren Platt [mailto:dplatt@securant.com]
> > Subject: RE: Requirement for Isolated Request for Authorization
> > Atributes
> > 
> > I do not believe this is currently considered in scope (by 
> > the requirements
> > group anyway), nor should it be:
> > 
> > > "Any party with the rights identifier PQR is authorized to 
> > access the file
> > > xyz.html"
> > > 		Appears to be in scope but is very definitely a policy
> > > statement
 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC