Subject: RE: [security-services] SAML deployments that use consent step?
Josh Howlett wrote on 2009-11-09: > While we're on the subject, I've always been a bit puzzled about the > use-cases for the consent identifiers; in particular, why an RP might > care whether consent has been given or not. They're for auditing, essentially. You get a signed document indicating something about consent so you can point the finger later. The more bizarre use case to me was always why an IdP would care about consent (nor did I agree with defining the AllowCreate flag), but I always had a different view of what Liberty calls "federation". -- Scott