[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: AuthN and Credentials
Evan, Good note. I'd like to add a point of clarification (or maybe it will be a point of debate.) You discuss the case of a principal being associated with a token by an asserting party, and also the case of "statements about a principal"(aka authorization attributes) being made by an asserting party. Another (and to my mind, important!) variation, is an asserting party making statements about the presenter of a token *without* mention of a principal identity. This might look as follows. "I am an employee of Outlook Technologies, Inc, and I play the role of 'Software Architect', and I am a member of the group 'San Francisco Office" This ability -- to have authorization attributes associated with a requestor without the requestor's principal identity being revealed -- is one of the key "use cases" in Shibboleth. I am very interested in seeing this type of assertion as part of SAML It is definitely necessary for Shibboleth, but I believe it will be useful outside the strict Shibboleth space as well. Regards, Marlena Erdos IBM/Tivoli
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC