[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Resend: ISSUE:[UC-8-0*:Intermediaries*]
My thoughts here are: we need to keep SAML structure manipulation as simple as possible. I would be very worried about permitting change of structure or content of an assertion. [CR-8-01] and [CR-8-05] pretty much take care of this issue to my satisfaction. Another direction of complexity is modeling unbounded assertion chaining: assertion A depends on B, C and D; assertion B depends upon Q and so on. Some of this stuff is needed: for example, in S2ML, entitlement assertions referred to name assertions. Basically, a login act results in a name assertion which provides the basis for attributes published by different attribute authorities. So S2ML supported 1-level chaining. I would also express concern about a delegation model within SAML. There is no question that delegation is valuable and a core part of business practice; the issue is whether to include it within SAML 1.0. - prateek
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC