OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: AuthN and Credentials

Marlena said

>     Another (and to my mind, important!) variation, is an asserting party
> making statements about the presenter of a token *without* mention of a
> principal identity.
>       This might look as follows.
>     "I am an employee of Outlook Technologies, Inc, and
>      I play the role of 'Software Architect', and
>      I am a member of the group 'San Francisco Office"
>   This ability -- to have authorization attributes associated with a
> requestor without the requestor's principal identity being
> revealed -- is one of the key "use cases" in Shibboleth.
>     I am very interested in seeing this type of assertion as part
> of SAML  It is definitely necessary for Shibboleth, but I believe
> it  will be useful outside the strict Shibboleth space as well.

I just wanted to voice my support of this position. In the interest of "risk
minimization" why expose authentication information (the principal's
identity) when all that the receiving party is really interested in is the
authorization attributes ?


Gilbert Pilz.vcf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC