OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Some food for thought on delegation

Some mostly low-level musings can be found here:


There are several profiles in the document, some more well thought out or
needed than others, but the "best" ones in terms of being immediately
workable and lacking much of an alternative at this point are probably the
first two, which describe using  samlp:AuthnRequests and saml:Assertion to
request and then use assertions for constrained delegation using
holder-of-key, and then combine that with the Browser SSO and ECP profiles
to enable SPs to act on behalf of the user at specific services.

The philosophy behind these proposals is that existing work in this space is
perhaps a bit overly general, and sacrifices some of the value of
normalizing security semantics to a common format (i.e. what SAML was
supposed to be for).

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]