> Also speaking as an individual. I do support the idea of using RadSec.
> However, I think that one reason why one would be willing to support SAML
> sigs is the simple fact that they exist today and presumably organizations
> might be willing to continu to use their existing practice for end to end
> protection. I realize that in some scenarios it will be impossible for the RP
> to verify the signature, but I'd say that in the majority of cases this is
> not more of a problem than it would be in RadSec (barring trust router
> implementations).
>
Right (still with chair-hat off) deployability is another issue,
although we shouldn't limit
abfab to those that run "traditional" identity federations today, no
matter how many
there are of those.
Cheers Leif
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
