OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] Inclusion of Federated Name Registration Protocol in SAML 2.0


ext Scott Cantor wrote:

> 
> The SP half of the protocol is indeed for those niche cases. I think in
> ID-FF the ability for the IdP to refresh its identifier was added as an
> afterthought, but I think that's actually the more useful half.

I believe that RNI was added *mostly* for the benefit of the IdP, to 
enable update of the NameID, as Scott noted, to better protect the 
privacy of the Principal. I also believe that there are companies out 
there that find this functionality useful, and would like SPs to support 
their periodic refreshing of NameIDs.

- JohnK

