Subject: Re: [security-services] SAML deployments that use consent step?
On 9 Nov 2009, at 21:59, Josh Howlett wrote:

> On 9 Nov 2009, at 21:41, Scott Cantor wrote:
>> Josh Howlett wrote on 2009-11-09:
>>> While we're on the subject, I've always been a bit puzzled about the
>>> use-cases for the consent identifiers; in particular, why an RP might
>>> care whether consent has been given or not.
>>
>> They're for auditing, essentially. You get a signed document indicating
>> something about consent so you can point the finger later.
>
> Ok. In the EU consent is irrelevant as far as an RP is concerned, as
> the IdP is liable by default when TSHTF. I can't think of a scenario
> where an RP would need to retrospectively demonstrate consent.

Interestingly, following further discussions with my DP colleague, it seems that in the EU context there is a use-case for the IdP retrospectively demonstrating consent that had been obtained by an RP from the user. It's the same finger pointing, but reversed.

best regards, josh.