OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] NameID mgmt and account "merging"



I agree that this isn't errata.


This issue was never in scope for ID-FF and if we want it to be in
scope for SAML, we should address it as a complete piece of
functionality around the concept of account management as NameID
management is *NOT* intended to be used for account management.

The functionality around account management needs to address
lots of different situations such as:

    a) the SP joining two (or more) accounts
    b) the IdP joining two (or more) accounts
    c) Synchronization priority issues (what if the settings
       associated with the account are different, which should
       take priority)
    d) the other party may *NOT* support the concept of
       joining an account, so a) how is this reflected in
       the protocols and what can the user do?
    e) I don't think that in all cases the user joining
       two accounts at one entity implies that they want
       the two accounts joined at the other entity (for
       example, my wife and I may have an account at an
       SP that we want joined into one joint account
       while still maintaining our independent identities
       at the IdP and I am sure there are vice-versa cases).

I think we should examine this very carefully and not jump
at it quickly.

I would also say that this kind of functionality should be
a subsequent feature release rather than an errata style
release.

Conor
