[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Non-web client authentication
> As an architecture designer I have problems with designing a system > where the flow must go through a third party application. Unless your IdP is prepared to ship out clients, I'd say you're dead then. Personally, I think most of your issues are really as much about the authentication technology as anything else. Seems like what you really want is tamper-proof smart cards (about as likely as secure clients, I know) so that the desktop environment can't actually get at the private key. > If I was an IdP I would probably not join the federation if the > credentials of my users MUST flow through random, third party > applications. If they went directly to me through a browser window > I would be OK with it. Why? You should definitely ask yourself that, because as others have noted, you're wrong to be more comfortable with that. It doesn't help you, nor could you possibly tell. > 2) One of many goals of federated ID systems is that the user will > get one single login interface that is visually identical and can be > trusted. If third party applications should be allowed to display > username/password widgets, it is a way of saying: "You can enter your > credentials wherever you see a username/password dialog". I think that's a secondary goal, or perhaps it's just a way of achieving the goal of reducing phishing. But personally, I think this is a user issue. If users don't care about their identity, nothing we do will fix that. And they don't, by and large, they hand it over on a whim. So we shouldn't forget that and believe that we can solve this technically. Building foolproof systems just breeds better fools. Obviously, you should probably take a look at Infocard if for no reason other than to get a sense of how it tries to meet your requirements. But none of this is really SAML-related, so it probably should head to some other list. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]