Subject: Suggested addition to core-19.doc, sec. 1.3.2.2
The text in section 1.3.2.2 of core-19.doc is a bit clearer (or more vague?) on the use of NameIdentifier than I realized. It currently says:

"The interpretation of the security domain and the name are left to individual implementations."

I suggest this wording:

"The interpretation of the security domain and the name are left to individual implementations, including issues of anonymity, pseudonymity, and the persistence of the identifier with respect to the asserting and relying parties."

The reasoning for this is to call out a few issues in the use/interpretation of names, in a generic sense, so that it's clear that nothing in NameIdentifier communicates those semantics in-band.

With respect to "championing anonymity as a use case," it's demonstrably possible to encode lots of different kinds of "names" inside NameIdentifier, and this is intended to say "SAML says to do whatever you want."

--------
Scott Cantor               So long, and thanks for all the fish.
cantor.2@osu.edu                -- Douglas Adams, 1952-2001
Office of Info Tech        PGP KeyID   F22E 64BB 7D0D 0907 837E
The Ohio State Univ        0x779BE2CE  6137 D0BE 1EFA 779B E2CE