> Here's what I think we need out of the SAML request. I think it
> provides a place for S to indicate what attributes it needs. First,
> is this correct? Secondly, is there anything else that our particular
> use cases get out of a SAML request?
I think the way to answer that is best handled by starting with what you
want to get in return, and then in parallel setting out the assumptions made
about what knowledge of the user exists between S, the entity making the
request (if it's not S), and the IdP.
The main thing we have to do is determine the "fit" between those answers
and the existing protocols in SAML.
-- Scott
|