ietf-mxcomp

RE: Authentication and Authorization

2004-03-11 14:15:23


"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
Alan is not entirely consistent with the language that has been
developed by the field but he is a lot closer.

  The terminology I'm familiar with comes from a related field: login
access control and accounting.  The terms are similar, but not always
identical.

Your terminology looked similar to the terminology we used in
discussions at the start of SAML. Basically we found that some
of the uses we were making of the terms were a bit ambiguous so
we tightened up while writing the specs.

Basically SAML was a joint effort of the single sign on vendors.
So having gone through the terminology thing once I don't think
it should be re-opened :-)

The key thing here is a consistent point of view. Hadmut is
looking at the problem from the point of view of the publisher
of the information. This leads to very confused interpretations
since the spec is about the information from the point of view
of the people relying on it.

The idea that the onus lies on the speaker to make themselves 
understood goes back to Aristotle and the rhetorics. When I
issue an accreditation it will be on the basis of the information
they supply and I authenticate. But I deliberately do not call it 
authentication information because it is only authentication in
my context. The relying party has to authenticate the subject
themselves and then determine if my accreditation information is
relevant.

                Phill