kinda what i was shooting for... :o)
b
"PATO,JOE (HP-PaloAlto,ex1)" wrote:
>
> I agree that the "subject" of an authorization action need not be a user -
> and did not read the SAML definition to restrict in this way (the example
> clause was illustrative not restrictive). Nonetheless, we should clear up
> the definition so that there is no question that we can use attributes to
> identify the subject rather than assuming that identity is the sole
> determinant.
>
> - joe