OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] FW: [saml-dev] Constrained delegation


 


> They largely boil down to questioning alternate 
> interpretations of the syntax (allowing for Ron's point about 
> the language used to describe what it is that we mean here).

Yeah, to add some additional input, I would say that anytime an 
assertion is generated for a party that allows that party to 
use that assertion to establish a session at a relying party 
on behalf of a subject is, by definition, delegation.

If this needs clarification, then we should clarify the parts of
the spec that aren't clear.  

I'm not sure we need anything special in the assertion to 
identify this.

I would be interested in understanding an interpretation of
the specs that lets an assertion generated for party A to 
use at party B with a subject that is not party A be anything
other than delegation (of the right to represent the subject
to party A when interacting with Party B). 

Conor


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]