Hi Hannes,

> My fear about SAML in TLS was a history like the following one:
> * Hmmm. SAML becomes popular. We should put it in every protocol.
> * There isn't an extension for TLS defined yet. Let's do it.
> * Now, let's search for the problems it could solve.

If the argument that you're making is that injecting authorisation at the same level of the stack (TLS, whatever) is not appropriate for all applications, then I agree 100%. My assertion was that applications should ideally share the same /mechanism/. This does not imply action at the same point of the stack.

> >> The reason for the success of these IdM solutions, particularly
> >> OpenID.
> >
> > (Well - OpenID has been a flop in my opinion. It has its uses, but not
> > very interesting ones. But I digress...)
>
> There are different camps, without doubt. Just to point you
> to one other opinion -- Jeff Schiller's weblog I recently discovered:
> http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/

I disagree with his sentiments. While I empathise with his frustration at 'policy wonking', that is - unfortunately - where the important problems are, if you want to do anything non-trivial. Anyone who thinks that Internet identity is simply a technology problem is doomed to re-invent SAML, poorly.

best regards,
josh.

JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG