On 6/27/07, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
Tom Scavo wrote:
Not sure why you're so concerned about statement types. An X.509 Binding for SAML Assertions does care much about the payload. (First we have to specify *how* to bind, then we can talk about *what* :)
The reason being that the SAML Authz statement is now acknowledged to be deficient and we will formally deprecate it once the XACML request context replaces it
Again, I'll resist the urge to dive into a detailed discussion here, but I don't quite agree with this sentiment, so this could certainly become an agenda item that the AuthZ WG might consider. With regard to the concern Blair had about the need for an AuthN WG, I'll simply point out the overlap between AuthN and AuthZ insofar as the same security token might convey both types of security information. In our prototype, this is certainly the case, so having two separate WGs is less than ideal, at least with respect to the types of security tokens we are considering. Regards, Tom