[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Requirement for Isolated Request for Authorization Atributes
In last week's Core Assertions concall there was some discussion about the idea of requesting Authorization Attributes for a user who is not currently logged in. I have a recollection of someone on a Use Case concall a few weeks ago saying this was an important requirement. Unfortunately I do not remember who it was. It was pointed out that the current use cases do not contain this element. Obviously a request of this type could be used as a performance optimization, but does someone have another scenario in mind? I hope no one is planning to use SAML for provisioning. Based on current thinking, I don't think this will work. As I was writing this, I realized that perhaps what was intended was a business transaction scenario, for example: UC-2-08:ebXML, currently in the issues list. In this case, the PDP may retrieve the Authorization Attributes after having received an ebXML message from the user. Are there any other use cases which involve the request of Authorization Attributes when an Authentication Assertion has not previously been issued? Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC