On 2/11/13 10:35 AM, "Jim Schaad" <[email protected]> wrote:
>It is true that a certificate is not needed, however in the cases that we >are looking at - cross-organization requests - it will be more likely to >want to include it than not. Otherwise you have a much harder problem of >supporting referring to and fetching the certificate in order to validate >the signature. Well, not to dispute a major reason this WG exists, but we do just fine with SAML metadata for that purpose. -- Scott _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
