OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Comment on sstc-saml-glossary-2.0 (also closes AI #0114)

>  From a use-case point of view, I think this capability (to request that  
>   a new federation not be created if one doesn't already exist) is most  
> useful in combination with passive authentication requests, where the  
> idea is to probe for an existing federation in combination with an  
> active session. The idea being that, even if an active session exists  
> at the IdP, I might want to have users explicitly choose to federate  
> with my site if they haven't done so before. Note that this overlaps  
> somewhat with the idea of 'consent' in ID-FF.

Exactly what I've been trying to say, thanks. I'm only objecting to this
being characterized as a "privacy" issue or some kind of critical control
flag for the SP to make the system function properly. It's a UI
consideration. It may or may not make sense to actually use the consent flag
for this, but that's what it's about.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]