On 2/12/09 4:47 PM, "Josh Howlett" <Josh.Howlett@xxxxxx> wrote:

> I have a long list of applications, collected from within this
> community, with which they would like to use SAML-based authorisation;
> and it seems to me that the ability for application protocols to share a
> common mechanism for expressing authorisation would mitigate or perhaps
> even avoid the need to make application-specific authorisation
> extensions.

Right, and to be more specific about it, the kinds of things that we're talking about include reducing retained state on devices during the authorization process by eliminating queries, reducing the problems around service discovery and topology, and I tend to think that there are some cross-domain advantages, as well. There are fate-sharing considerations, where the authorizations aren't held by devices that don't need them, they're not delivered if the traffic isn't delivered, and if the traffic is delivered the authorizations are delivered.

So, I think that in addition to some issues specific to authorization problems there are some advantages around traditional networking considerations.

Melinda

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf