Closed martinthomson closed 10 years ago
When the IdP doesn't have enough information to authorize the creation of an identity assertion, rather than having it do user interactions, I think that it is best if we allow the site to control this. This describes how that might happen.
This depends on #12 and ekr/ietf-drafts#13. It's based on my feedback in http://lists.w3.org/Archives/Public/public-webrtc/2014Jan/0123.html
When the IdP doesn't have enough information to authorize the creation of an identity assertion, rather than having it do user interactions, I think that it is best if we allow the site to control this. This describes how that might happen.
This depends on #12 and ekr/ietf-drafts#13. It's based on my feedback in http://lists.w3.org/Archives/Public/public-webrtc/2014Jan/0123.html