Hi Josh,

>Hannes wrote:
>> Melinda wrote:
>> >
>> > and that there are
>> > some non-trivial advantages to carrying authorizations in-band.
>> Namely...
>
>I don't wish to speak for Melinda, but this is a view shared
>by many within my own community.
>
>I have a long list of applications, collected from within this
>community, with which they would like to use SAML-based
>authorisation;

Interesting. Any interest in sharing it with us?

>and it seems to me that the ability for
>application protocols to share a common mechanism for
>expressing authorisation would mitigate or perhaps even avoid
>the need to make application-specific authorisation extensions.

My experience: authorization is often related to the specific application domain. Furthermore, working on SIP SAML I noticed the problems when you go down to specific solution scenarios.

>(The fact that SAML-based Web SSO uses SAML that is bound to
>the application-layer is, I believe, only an artifact of a
>requirement to avoid modifying contemporary Web browsers and I
>don't think it is an approach that would necessarily be
>desirable for the general case.)

... a reasonable transition plan, in my view. The reason for the success of these IdM solutions, particularly OpenID.

>Binding authorisation to TLS, as suggested by this document,
>is one approach that would satisfy the 'common mechanism'
>requirement indicated previously.

Looking forward to seeing your solutions.

Ciao
Hannes

>
>josh.
>
>JANET(UK) is a trading name of The JNT Association, a company
>limited by guarantee which is registered in England under No.
>2881024 and whose Registered Office is at Lumen House, Library
>Avenue, Harwell Science and Innovation Campus, Didcot,
>Oxfordshire. OX11 0SG
>