[Wg-egov] FW: [security-services] SAML deployments that use consent step?
paulmadsen at rogers.com
Mon Nov 16 09:01:00 EST 2009
wrt consent in a response, is it conceivable that an RP would interpret
a consent value of 'current-explicit' differently than a value of
'current-implicit' or 'prior', ie using the former as an indicator of
attribute freshness because of the implied active user involvement?
Stretching I acknowledge ....
Scott Cantor wrote:
> Kyle Meadors wrote on 2009-11-12:
>> I agree the conversation began with consent at the SP, but they eventually
>> covered both sides. It was a bit confusing. I just felt it would be good
>> put it on our radar.
> Here's the point...
> Consent in a request has nothing obvious to do with the traditional notion
> of users consenting to the release of attributes, and in most cases seems to
> be thought of as applicable to scenarios in which the SP is granted license
> to tell the IdP that consent for something was given without the IdP having
> to handle consent itself. I don't think that applies to most eGov scenarios
> I've heard of.
> Consent in a response....well, sorry, I don't see the point. Colin already
> said it, if you got a response then apparently the right stuff happened.
> -- Scott
> Wg-egov mailing list
> Wg-egov at kantarainitiative.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Wg-egov