
RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 17:50:17
Hi Josh, 

Hannes wrote:
Melinda wrote:

and that there are
some non-trivial advantages to carrying authorizations in-band.
Namely... 

I don't wish to speak for Melinda, but this is a view shared 
by many within my own community.

I have a long list of applications, collected from within this 
community, with which they would like to use SAML-based 
authorisation; 

Interesting. Any interest in sharing it with us?

and it seems to me that the ability for 
application protocols to share a common mechanism for 
expressing authorisation would mitigate or perhaps even avoid 
the need to make application-specific authorisation extensions.

My experience: authorization is often related to the specific application
domain.

Furthermore, working on SIP SAML, I noticed the problems when you go down to
specific solution scenarios.

(The fact that SAML-based Web SSO uses SAML that is bound to 
the application-layer is, I believe, only an artifact of a 
requirement to avoid modifying contemporary Web browsers and I 
don't think it is an approach that would necessarily be 
desirable for the general case.)

... a reasonable transition plan, in my view. 
The reason for the success of these IdM solutions, particularly OpenID.

Binding authorisation to TLS, as suggested by this document, 
is one approach that would satisfy the 'common mechanism' 
requirement indicated previously.

Looking forward to seeing your solutions.

Ciao
Hannes


josh.

JANET(UK) is a trading name of The JNT Association, a company 
limited by guarantee which is registered in England under No. 
2881024 and whose Registered Office is at Lumen House, Library 
Avenue, Harwell Science and Innovation Campus, Didcot, 
Oxfordshire. OX11 0SG


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf