On 2/12/09 4:47 PM, "Josh Howlett" <Josh(_dot_)Howlett(_at_)ja(_dot_)net> wrote:
I have a long list of applications, collected from within this
community, with which they would like to use SAML-based authorisation;
and it seems to me that the ability for application protocols to share a
common mechanism for expressing authorisation would mitigate or perhaps
even avoid the need to make application-specific authorisation
extensions.
Right, and to be more specific about it, the kinds of
things that we're talking about include reducing retained
state on devices during the authorization process by
eliminating queries, reducing the problems around service
discovery and topology, and I tend to think that there
are some cross-domain advantages, as well. There are
fate-sharing considerations, where the authorizations
aren't held by devices that don't need them, they're not
delivered if the traffic isn't delivered, and if the
traffic is delivered the authorizations are delivered.
So, I think that in addition to some issues specific
to authorization problems there are some advantages
around traditional networking considerations.
Melinda
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf