Subject: RE: AuthN and Credentials
I believe that these scenarios are the basis of the requirement:

[R-Anonymity] SAML will allow assertions to be made about anonymous principals, where "anonymous" means that an assertion about a principal does not include an attribute uniquely identifying the principal (ex: user name, distinguished name, etc.).

Regards,
Darren

> -----Original Message-----
> From: Pilz, Gilbert [mailto:gpilz@jamcracker.com]
> Sent: Thursday, March 01, 2001 4:00 AM
> To: UseCaseList
> Subject: RE: AuthN and Credentials
>
> Marlena said
>
> > Another (and to my mind, important!) variation, is an asserting party
> > making statements about the presenter of a token *without* mention of a
> > principal identity.
> > This might look as follows.
> >
> > "I am an employee of Outlook Technologies, Inc, and
> > I play the role of 'Software Architect', and
> > I am a member of the group 'San Francisco Office'"
> >
> > This ability -- to have authorization attributes associated with a
> > requestor without the requestor's principal identity being
> > revealed -- is one of the key "use cases" in Shibboleth.
> >
> > I am very interested in seeing this type of assertion as part
> > of SAML. It is definitely necessary for Shibboleth, but I believe
> > it will be useful outside the strict Shibboleth space as well.
>
> I just wanted to voice my support of this position. In the interest of "risk
> minimization" why expose authentication information (the principal's
> identity) when all that the receiving party is really interested in is the
> authorization attributes?