security-use message


Subject: Re: AuthN and Credentials


Evan,

   Good note.   I'd like to add a point of clarification  (or maybe
it will be a point of debate.)

    You discuss the case of a principal being associated with
a token by an asserting party, and also the case of
"statements about a principal" (aka authorization attributes)
being made by an asserting party.

     Another (and to my mind, important!) variation, is an asserting party
making statements about the presenter of a token *without* mention of a
principal identity.
      This might look as follows.

     "I am an employee of Outlook Technologies, Inc, and
      I play the role of 'Software Architect', and
      I am a member of the group 'San Francisco Office'"


   This ability -- to have authorization attributes associated with a
requestor without the requestor's principal identity being
 revealed -- is one of the key "use cases" in Shibboleth.

     I am very interested in seeing this type of assertion as part
of SAML. It is definitely necessary for Shibboleth, but I believe
it  will be useful outside the strict Shibboleth space as well.


Regards,
Marlena Erdos
IBM/Tivoli



