Subject: Re: [security-services] NameID mgmt and account "merging"
I agree that this isn't errata. This issue was never in scope for ID-FF and if we want it to be in scope for SAML, we should address it as a complete piece of functionality around the concept of account management as NameID management is *NOT* intended to be used for account management.

The functionality around account management needs to address lots of different situations such as:

a) the SP joining two (or more) accounts

b) the IdP joining two (or more) accounts

c) Synchronization priority issues (what if the settings associated with the account are different, which should take priority)

d) the other party may *NOT* support the concept of joining an account, so a) how is this reflected in the protocols and what can the user do?

e) I don't think that in all cases the user joining two accounts at one entity implies that they want the two accounts joined at the other entity (for example, my wife and I may have an account at an SP that we want joined into one joint account while still maintaining our independent identities at the IdP and I am sure there are vice-versa cases).

I think we should examine this very carefully and not jump at it quickly. I would also say that this kind of functionality should be a subsequent feature release rather than an errata style release.

Conor