Hi Brian, yes sorry I had to move the session to avoid conflicting with WRAP :-)
With respect to consent, its only for one of the permutations presented in the deck that SAML IdP overlaps with the OAuth SP - these being the two actors potentially asking for consent. So, whether or not the SAML sequence has a consent step (and I think its fair to say there is no clear consensus in the SAML community as to whether there needs be, and even whether most deployments do have one) it doesnt necessarily preclude (or is inconsistent with) a consent step for OAuth. Integrating protocols like this becomes more useful when things like consent (and discovery, trust etc ) can be shared/reused across the protocols. Paul Brian Eaton wrote: > On Sun, Nov 8, 2009 at 3:23 PM, Paul Madsen <[email protected]> wrote: > >> FYI, we had an initial discussion of possibilities for a 'SAML & OAuth >> Hybrid' at last week's IIW. >> > > Thanks for sending out this slide deck, Paul. I wanted to go to this > session but missed it. > > One question about use cases... today most SAML deployments don't > involve an individual user consent step. The IdP and the RP have a > business arrangement instead. Are you thinking that the SAML/OAuth > hybrid would be used in that model? Or would it be involved in more > flexible SAML deployments, where individuals are expected to consent > to sharing data? > > Cheers, > Brian > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
