[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploade d
> [JL] I don't believe that the requirements text as drafted > actually mandates per-instance explicit user consent. > Rather, lines 155-157 of nameid-06 > state: "... no federation shall be established without > approval by the principal's authentication authority, which > is relied upon to act in accordance with a policy accepted by > the principal, unless the deployment specifically obviates > the need for such privacy considerations." Heh, well, that's because my last draft tweaked the text to say that. ;-) The original text was explicit about requiring user consent. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]