Hi Melinda, >On 2/12/09 1:16 PM, "Hannes Tschofenig" ><Hannes.Tschofenig@xxxxxxx> wrote: >> The main issue I have been struggeling with these authorization >> extensions inside TLS is that they happen at the wrong layer. > >I don't know about that - I think it really depends on how the >TLS session is being used, etc. Sure. A good example of SAML usage is WebSSO. Using SAML in that usage scenario requires a bit more than just carrying around the SAML assertion. > I think that the more ability >traffic has to describe itself the better, Not sure I understand that. > and that there are >some non-trivial advantages to carrying authorizations in-band. Namely... Ciao Hannes > >Melinda > >_______________________________________________ >Ietf mailing list >Ietf@xxxxxxxx >https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf