Subject: RE: [security-services] SAML deployments that use consent step?
Phil Hunt wrote on 2009-11-09: > It may also be useful for the RP to state a purpose for use. Such as we > suggested with igf privacy constraints. I certainly don't mean to imply that there aren't important bits missing now. > That supports Scott's assertion that it is still the IDP that evaluates > consent. As Conor said, I think the best way to think of that feature is that it's best used if the IdP is really and truly outsourcing consent, and wants the audit trail. But it's not clear in general that the spec is explicit about what consent is being given to do, so that makes it fairly questionable. -- Scott