OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] SAML deployments that use consent step?

On 9 Nov 2009, at 21:59, Josh Howlett wrote:

> On 9 Nov 2009, at 21:41, Scott Cantor wrote:
>> Josh Howlett wrote on 2009-11-09:
>>> While we're on the subject, I've always been a bit puzzled about the
>>> use-cases for the consent identifiers; in particular, why an RP  
>>> might
>>> care whether consent has been given or not.
>> They're for auditing, essentially. You get a signed document  
>> indicating
>> something about consent so you can point the finger later.
> Ok. In the EU consent is irrelevant as far as an RP is concerned, as  
> the IdP is liable by default when TSHTF. I can't think of a scenario  
> where an RP would need to retrospectively demonstrate consent.

Interestingly, following further discussions with my DP colleague, it  
seems that in the EU context there is a use-case for the IdP  
retrospectively demonstrating consent that had been obtained by an RP  
from the user.

It's the same finger pointing, but reversed.

best regards, josh.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]