[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: AuthN and Credentials
Evan,
Good note. I'd like to add a point of clarification (or maybe
it will be a point of debate.)
You discuss the case of a principal being associated with
a token by an asserting party, and also the case of
"statements about a principal"(aka authorization attributes)
being made by an asserting party.
Another (and to my mind, important!) variation, is an asserting party
making statements about the presenter of a token *without* mention of a
principal identity.
This might look as follows.
"I am an employee of Outlook Technologies, Inc, and
I play the role of 'Software Architect', and
I am a member of the group 'San Francisco Office"
This ability -- to have authorization attributes associated with a
requestor without the requestor's principal identity being
revealed -- is one of the key "use cases" in Shibboleth.
I am very interested in seeing this type of assertion as part
of SAML It is definitely necessary for Shibboleth, but I believe
it will be useful outside the strict Shibboleth space as well.
Regards,
Marlena Erdos
IBM/Tivoli
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC