OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] SAML deployments that use consent step?


Josh Howlett wrote on 2009-11-09:
> While we're on the subject, I've always been a bit puzzled about the
> use-cases for the consent identifiers; in particular, why an RP might
> care whether consent has been given or not.

They're for auditing, essentially. You get a signed document indicating
something about consent so you can point the finger later.

The more bizarre use case to me was always why an IdP would care about
consent (nor did I agree with defining the AllowCreate flag), but I always
had a different view of what Liberty calls "federation".

-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]