With an actual validation failure, the application would have no access to the user's information.
In the case of a successful validation, the application will have some of the key pieces of information to make its *own* authorization decisions.

On Sun, Mar 21, 2010 at 3:19 PM, Marvin Addison <[email protected]> wrote:

> > Even if the ticket is validated it is the services which determines the
> > access for the user.
>
> If you mean that the service could choose to ignore a validation
> failure, or conversely, to deny a success, then the service is
> ultimately in control. Services must be designed to collaborate with
> the protocol; this is no different than any other protocol that
> requires participants to agree to the terms of the protocol for proper
> behavior.
>
> M
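
Added example, not part of the original message or of any CAS client: a service-side check that fails closed on a validation failure and, on success, applies its own authorization to the returned user. It assumes the CAS 2.0 `serviceValidate` XML response format; the sample responses, `LOCAL_ACL`, `validated_user` and `authorize` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"
CAS_NS = {"cas": CAS_URI}

# Constructed sample responses in CAS 2.0 serviceValidate format.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-constructed-example not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

# Hypothetical local policy: the service, not CAS, decides what a user may do.
LOCAL_ACL = {"asmith": {"reports:read"}, "jdoe": set()}


def validated_user(response_xml):
    """Return the authenticated user name, or None on any failure (fail closed)."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    if root.tag != "{%s}serviceResponse" % CAS_URI:
        return None
    # A failure element means the service learns nothing about the user.
    if root.find("cas:authenticationFailure", CAS_NS) is not None:
        return None
    user = root.findtext("cas:authenticationSuccess/cas:user",
                         default="", namespaces=CAS_NS).strip()
    return user or None


def authorize(response_xml, permission):
    """Authentication comes from CAS; the access decision is made locally."""
    user = validated_user(response_xml)
    if user is None:
        return False
    # A validated ticket can still be denied by the service's own policy.
    return permission in LOCAL_ACL.get(user, set())
```
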
