[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt
> That's ridiculous. I think that's overblown. It's annoying. On a scale of 1 to 10, it's about a 3. Maybe. > Is someone trying to tell us that none of those specs standalone? > I guess that's the point I've been trying to make > all along (but this forum is probably not the best place to carry on > that conversation). No, and *that's* ridiculous. I've heard the same criticism about SAML, so the fact is that people see what they want to see. > > I think it's needless duplication with fewer features. > > Which some see as a positive thing, right? I guess some people might see it that way. Having the features doesn't mean you have to use them or even implement them. I think it's a positive if a dumbed down version can talk to the same software as a more complete version. > > But if I honestly > > thought that *anybody* could be won over just by pulling SOAP out of there, > > I'd have done it a long time ago. > > Me ;-) I assumed you were speaking for somebody else's prejudices. > If I'm understanding you correctly, I don't agree with that. I have > lots of use cases for h-o-k SAML tokens, even low assurance ones > (i.e., tokens that can be traced to username/password). If you're talking about stuffing them inside certificates, I consider that pretty specialized. But so be it. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]