Subject: Re: [security-services] SAML deployments that use consent step?
On 9 Nov 2009, at 21:41, Scott Cantor wrote:

> Josh Howlett wrote on 2009-11-09:
>> While we're on the subject, I've always been a bit puzzled about the
>> use-cases for the consent identifiers; in particular, why an RP might
>> care whether consent has been given or not.
>
> They're for auditing, essentially. You get a signed document indicating
> something about consent so you can point the finger later.

Ok. In the EU consent is irrelevant as far as an RP is concerned, as the IdP is liable by default when TSHTF. I can't think of a scenario where an RP would need to retrospectively demonstrate consent.

> The more bizarre use case to me was always why an IdP would care about
> consent

You'll need to expand on that for me. When does an IdP receive a consent identifier?

josh.