Sam Hartman wrote: > The Kerberos community has many years of experience that > within an infrastructure, carrying authorizations in-band has > been useful and has reduced the effort required to fit an > application into a larger infrastructure. Just a quick plug, following Sam's comments: augmenting Kerberos with SAML is one of the possibilities discussed within a paper that was recently published by the MIT Kerberos Consortium. http://kerberos.org/software/kerbweb.pdf josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf