Subject: RE: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt
From: Scott Cantor (cant@osu.edu)
Date: Jul 14, 2008 11:41:48 am
List: org.oasis-open.lists.security-services

That's ridiculous.

I think that's overblown. It's annoying. On a scale of 1 to 10, it's about a 3. Maybe.

Is someone trying to tell us that none of those specs stand alone? I guess that's the point I've been trying to make all along (but this forum is probably not the best place to carry on that conversation).

No, and *that's* ridiculous. I've heard the same criticism about SAML, so the fact is that people see what they want to see.

I think it's needless duplication with fewer features.

Which some see as a positive thing, right?

I guess some people might see it that way. Having the features doesn't mean you have to use them or even implement them. I think it's a positive if a dumbed down version can talk to the same software as a more complete version.

But if I honestly thought that *anybody* could be won over just by pulling SOAP out of there, I'd have done it a long time ago.

Me ;-)

I assumed you were speaking for somebody else's prejudices.

If I'm understanding you correctly, I don't agree with that. I have lots of use cases for h-o-k SAML tokens, even low assurance ones (i.e., tokens that can be traced to username/password).

If you're talking about stuffing them inside certificates, I consider that pretty specialized. But so be it.

-- Scott