Subject: RE: [dss] Comments on Core WD 01 3 Oct 03
At 09:47 AM 10/14/2003 +0100, you wrote:
>Content-Transfer-Encoding: 8bit
>
>OK on (4).
>
>On 8 - I was referring to the structure agreed in the requirements document.

You mean the Requestor Identity structure? According to the requirements doc, this is intended to be used as a signature attribute, not as a protocol element for the purpose of authentication.

>I do not believe that TLS includes a protocol element for carrying
>authentication tokens.

It carries certs. If you want to authenticate with some SAML token or other, you'd use WS-Security, wouldn't you?

>I also think that the best place to put single sign on tokens is with the
>DSS application, not the protocol that carries the peer to peer exchange.

I think the details of how authentications are performed are best left to lower levels. Authentication probably isn't a matter of just sending a token; the client will need to sign the request message or perform some challenge/response or whatever, and I think we should let other people handle those problems. That's what the requirements doc states, at least.

Trevor