[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Stateless Conformity To SAML
> And that's my point -- a conformance claim should offer a helpful clue, > and at the very least, not be misleading. Claiming conformance to > Name ID management messages seems very misleading if the product doesn't > have any notion of "remembering" users. But let's be clear...I don't believe it's always the job of the SAML product to do this in general. It's the job of the product to inform the surrounding infrastructure that the change happened. And I believe that that's how at least some people would expect to deploy it. It's certainly how I intend to (I do wear both hats). In such a case, my product isn't remembering the change (except perhaps to modify some transitory state), but I would claim that it's perfectly reasonable for me to claim conformance and that it's a useful claim and not at all misleading. That's the crux of my argument. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]