[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] WS-SX TC Minutes, Mar 01 2006
> Scott Cantor asked why SP supported supporting tokens if there was not > enough information for the client to know what to do with it. Scott > asked how the usage attribute in the security token reference will get > filled in. This wasn't me. Not sure who it was. All I said was that I felt the discussion was conflating one sort of policy (I think security is too vague a word, period) with what I would call "authorization" policy, but you could use the words access or application there as well. I think TonyN used "application" to mean the same thing I meant. > i031 Clarification for UsernameToken assertion See thread at: > http://lists.oasis-open.org/archives/ws-sx/200602/msg00091.html > Corina Witt stated that the SP should define what features of a token > are used. Scott Cantor asked why SP shouldn't be used to specify what > SAML assertions were required in a specific token instance. Actually, I think I was more saying that based on what I was hearing, it shouldn't (and I did say that it's not confined to SAML, almost all tokens have a lot of variability, including some Kerberos flavors). I wasn't expressing an opinion as to whether it should. > Scott Cantor suggested that it would be useful to know how to link > "application level security" to the information expressed by SP. Not sure I said it, but I agree with it. Thx, -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]