English (and I venture all other languages) provides a range of mechanisms for its speakers by which they can pose a request of another in such a manner that both participant's face is protected. (By 'face' I mean that nebulous attribute that people have when they are not being embarrassed or their status is being diminished.)
For instance, 'Can I ask you you to pass the milk?'.
Because the speaker hasn't actually asked the listener for the milk, merely for permission to do so, their face need not automatically be impacted if the milk is not passed (by a presumably 'lactose intolerant' dining mate)- they can just pretend that that they didn't even really want the milk. 'Milk, who wants milk, not me!'.
And from the listener's PoV, their face is protected if they DO pass the milk - as the request was phrased so indirectly and not as a command, they won't appear to be a subservient flunky if they send the pitcher down the table.
We call these 'conversational best practices' being polite - 'rude' people (or communities) don't apply them, polite people (or communities) do.
I'd argue that, by this definition, the SAML protocol is rude, and WS-Federation is polite. A SAML RP comes right and and demands of the IdP that the user be authenticated with the <saml:AuthnRequest> message; a WS-Trust requestor, (who wants the same thing, poses their query in a more roundabout and indirect manner by asking for a token with the <wst:RequestSecurityToken>.
This is of course mere coincidence - I know some very polite SAML contributors, and some (well one) quite rude WS-Federation contributor.
No comments:
Post a Comment