Subject Re: VO challenges - article
From "Cantor, Scott" <cantor.2@xxxxxxx>
Date Thu, 22 Oct 2015 14:17:36 +0000

On 10/22/15, 6:57 AM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx> wrote:

>But isn't this a protocol issue? The SP can demand this in the request
>cant it? (certainly in our Shib implementation we can ask for either
>persistent or transient and both work)

I can demand a pony, that doesn't mean I'll get one.

My own opinion is that once you give up on using federation for authorization data, it's inevitable that authentication will follow.

If the IdPs don't want to be in the buisiness of helping with access management for the applications using their service, then they won't have a service to worry about within a short span of time.

-- Scott