OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Editorial Update to Section 3.3 of confor mance

> - I was thinking at Obtained is a super class 
> (generalization) of Prior, Implicit, and Explicit? But this 
> isn't a conformance question rather a spec interpretation.

Yes, it's a superset.

> - It is not clear if consent can be obtained generally for 
> Saml 2.0 usage (i.e., is that sufficient), or do your 
> comments apply to every requesting protocol (i.e., you need 
> to have a way to obtain consent for authn request, for 
> logout, for fed id termination, for name id mapping, etc...). 
> Sounds like consent has to apply to all requesting protocols, 
> therefore, a conformant implementation has to be able to ask 
> for consent each time. 

It's per message, but I think you're missing the point here (both of you).
The SAML 2.0 implementation's job is not to ask for consent, but to reflect
whether consent was obtained. If your implementation wants to directly
interact with the user to do that, that's up to you, but a conforming
implementation just needs a per-request knob to indicate the value to use.
Which might be set at deploy-time to "unspecified"/omit.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]