security-services message

Subject: Re: [security-services] SAML deployments that use consent step?

From: Paul Madsen <paulmadsen@rogers.com>
To: Josh Howlett <josh.howlett@gmail.com>
Date: Mon, 09 Nov 2009 14:24:53 -0500

Josh, can you expand on just what your IDPs are NOT asking consent for? 
ie what operations/data flows.
 
Paul

Josh Howlett wrote:
> On 9 Nov 2009, at 12:45, Paul Madsen wrote:
>> Do we have any sense of what fraction of SAML deployments have a 
>> consent step? Whether or not they explicitly leverage the protocol's 
>> dedicated mechanisms?
>
> We have a few hundred IdPs in our federation and I'm not aware of any 
> of them using a consent step.
>
>> There would seem to be an assumption in the outside world that, since 
>> SAML is often deployed between existing biz partners, consent isnt 
>> necessary.....
>
> Obtaining consent isn't a practice that we recommend to our members, 
> and we generally advise against it. It is sometimes argued that there 
> are cases where it might be useful/necessary, but in our context these 
> are typically the exception.
>
> josh.
>

Follow-Ups:
- Re: [security-services] SAML deployments that use consent step?
  - From: Josh Howlett <josh.howlett@gmail.com>

References:
- SAML deployments that use consent step?
  - From: Paul Madsen <paulmadsen@rogers.com>
- Re: [security-services] SAML deployments that use consent step?
  - From: Josh Howlett <josh.howlett@gmail.com>