OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] SAML deployments that use consent step?

On 9 Nov 2009, at 21:41, Scott Cantor wrote:
> Josh Howlett wrote on 2009-11-09:
>> While we're on the subject, I've always been a bit puzzled about the
>> use-cases for the consent identifiers; in particular, why an RP might
>> care whether consent has been given or not.
> They're for auditing, essentially. You get a signed document  
> indicating
> something about consent so you can point the finger later.

Ok. In the EU consent is irrelevant as far as an RP is concerned, as  
the IdP is liable by default when TSHTF. I can't think of a scenario  
where an RP would need to retrospectively demonstrate consent.

> The more bizarre use case to me was always why an IdP would care about
> consent

You'll need to expand on that for me. When does an IdP receive a  
consent identifier?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]