  • ramesh janjyam thinks this is interesting:

A better alternative is to provide a way to continue to allow individual organizations to retain their own authentication systems and still retain the loose coupling inherent in Web services that allows organizations to establish B2B integrations. The solution is cross-domain trust enabled by SAML and contractual agreements about how one entity will trust or not trust another entity whose members present their SAML assertions.

From Securing Web Services with WS-Security

Note

ok.. seems there should be contractual agreements about how one entity trusts another whose members present their SAML assertions?