Subject: RE: [security-services] Inclusion of Federated Name RegistrationProtocolin SAML 2.0
> I would like to voice my concerns about the addition of this material
> (Section 3.5 in core-06) to the SAML 2.0 materials. My sense is that this
> was added at the same time when the AuthNRequest/AuthNResponse material was
> added from ID-FF 1.2. However, we have not discussed this material and its
> relevance to SAML 2.0.

It was added a revision earlier than that material. The Federation Termination messages were added in the latest draft. Its main relevance to me is on the IdP side, providing a way to refresh identifiers to maintain their privacy semantics.

> I have not been able to understand the use-case for this protocol exchange.

See above for my use case.

> At best it seems to represent some kind of completeness consideration
> (having introduced IdP generated opaque handles for account linking, we
> should also permit their update from SPs?). I can see there may be some niche
> use-cases that require its use but I would like this acknowledged before we
> add this material to SAML 2.0.

The SP half of the protocol is indeed for those niche cases. I think in ID-FF the ability for the IdP to refresh its identifier was added as an afterthought, but I think that's actually the more useful half.

-- Scott