[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services-comment] delegation
> I was wondering if there had been any consideration of
> assertion statements
> concerning delegation in SAML?
Delegation was discussed at a face to face meeting last year. The general feeling was that delegation, beyond simple impersonation was complex and not a vital requirement for SAML 1.0.
Although there is a school of thought that completely generalized, controlled delegation is impractical in large scale, open envornments, in principle SAML could reconsider delegation support features for a future version.
It would be very useful if you could submit specific requirements or usecases for delegation in the context of SAML.
Also note that one aspect of controlled delegation is policy. This is being addressed by XACML. The need to distinguish between various kinds of principals in policy statements, including orginators and intermediaries has been discussed and is being treated as a requirement.
Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC