[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] comments on sstc-saml-profiles-2.0-draft-12
> In the Web Browser profiles we have (at some point) the subject > authenticating to the Identity Provider - so that a security context is > established. Yet in ECP that step is not described. I didn't lay out the sequence originally, so it's not surprising they don't match my steps. > What is the trust relationship so that the IdP sends the "correct" > <Response> to the SP. Does this rely on the <AuthnRequest> being signed. > If so - why is this not a MUST? The authn request isn't the issue, the principal always has to authenticate to the IdP at some point, or it wouldn't have any idea what to do. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]