>>>>> "Cantor," == Cantor, Scott <[email protected]> writes:
Cantor,> On 4/20/12 11:42 AM, "Sam Hartman"
<[email protected]> wrote:
>>
>Just letting you know some thoughts going on elsewhere.
Cantor,> In this vein...
Cantor,> I expect, if it goes anywhere, that SAML-EC will eventually
Cantor,> support SAML-based delegation in the manner implemented by
Cantor,> the Shibboleth project. I don't have the experience yet to
Cantor,> understand how to specify that in conjunction with GSS, but
Cantor,> it should be straightforward.
The delegated credential handle coming out of gss_accept_sec_context
should include a credential element with the appropriate delegation.
As far as how you request the delegation, we don't currently have a good
story for that.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
