
security-services message


Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploaded

Scott Cantor wrote on 10/29/2003, 11:31 AM:

 > Subtle, but true. Question...does ID-FF in your mind address that
 > requirement? I'm not sure I'd claim that it has actually specified
 > such a means.

No.  ID-FF assumes that the IdP can perform this operation when it has 
control of the browser during a re-direct (just as it can request 
authentication credentials).   There is a place where the SP can 
positively indicate that it has obtained consent from the user, but, in 
my opinion, this is less than valuable from a technological point of view.

There was no real reason to require an on-the-wire protocol for this 
because the IdP always gets control of the user interface during the 
authentication/federation process and can implement whatever is 
appropriate for that user interface and their policies.

