OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] SAML deployments that use consent step?

Josh, can you expand on just what your IDPs are NOT asking consent for? 
i.e., what operations/data flows.

Josh Howlett wrote:
> On 9 Nov 2009, at 12:45, Paul Madsen wrote:
>> Do we have any sense of what fraction of SAML deployments have a 
>> consent step? Whether or not they explicitly leverage the protocol's 
>> dedicated mechanisms?
> We have a few hundred IdPs in our federation and I'm not aware of any 
> of them using a consent step.
>> There would seem to be an assumption in the outside world that, since 
>> SAML is often deployed between existing biz partners, consent isn't 
>> necessary.....
> Obtaining consent isn't a practice that we recommend to our members, 
> and we generally advise against it. It is sometimes argued that there 
> are cases where it might be useful/necessary, but in our context these 
> are typically the exception.
> josh.
