Subject: Re: [saml-dev] searching for a use case
On 6/23/06, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
>
> > > My only *guess* is that they are trying to allow for protection of the
> > > data independent of the TLS provider (so, perhaps, if they put a
> > > separate TLS endpoint in the network nearby the IdP, the data would
> > > still be protected all the way to the IdP).
> >
> > But what would be the function of this middle "endpoint"? It
> > would have to be outside the firewall to warrant encryption,
> > but in that case, what could such an endpoint do with an
> > attribute request whose NameID is encrypted?
>
> The TLS endpoint can be inside the firewall, but not co-located with
> the IdP. Just because you're inside the firewall, doesn't mean we
> trust the network and potential interlopers.

Okay, I'll accept that the middle endpoint could be inside the firewall. Can you give a real-world example of what this endpoint might do? Why is it in the middle?

Thanks,
Tom