[Wg-egov] FW: [security-services] SAML deployments that use consent step?
Paul Madsen
paulmadsen at rogers.com
Mon Nov 16 09:01:00 EST 2009
wrt consent in a response, is it conceivable that an RP would interpret
a consent value of 'current-explicit' differently than a value of
'current-implicit' or 'prior', ie using the former as an indicator of
attribute freshness because of the implied active user involvement?
Stretching I acknowledge ....
Paul
Scott Cantor wrote:
> Kyle Meadors wrote on 2009-11-12:
>
>> I agree the conversation began with consent at the SP, but they eventually
>> covered both sides. It was a bit confusing. I just felt it would be good
>>
> to
>
>> put it on our radar.
>>
>
> Here's the point...
>
> Consent in a request has nothing obvious to do with the traditional notion
> of users consenting to the release of attributes, and in most cases seems to
> be thought of as applicable to scenarios in which the SP is granted license
> to tell the IdP that consent for something was given without the IdP having
> to handle consent itself. I don't think that applies to most eGov scenarios
> I've heard of.
>
> Consent in a response....well, sorry, I don't see the point. Colin already
> said it, if you got a response then apparently the right stuff happened.
>
> -- Scott
>
>
> _______________________________________________
> Wg-egov mailing list
> Wg-egov at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-egov
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-egov/attachments/20091116/94019997/attachment.html
More information about the Wg-egov
mailing list