Subject: Comparison of the two web browser discussions
A few comments on the relationship between the web browser related material in [draft-sstc-bindings-model-0.4] and [Tim Moses]. These comments are not meant to be definitive; instead, they are a means for figuring out pieces common and distinct in both proposals.

+++++++++++++++++++++++++++++++++++++++++++++++

(1). Steps 10 - 14 (Tables 1 and 2 of [Tim Moses]) are a detailed realization of Scenario 1-1 ("Pull") and Scenario 1-2 ("Push") from the Use-Case document. My belief is that the web browser profile in [draft-sstc-bindings-document-model-0.4] more-or-less provides an adequate solution for these cases (actually, the "push" case is currently missing from [draft-sstc-bindings-document-model-0.4], but adding it is straightforward).

(2). Table 3 describes the following situation: the user travels from one protected site (Protected site 1) to another, called Protected site 2. (In the use-case document the term destination site is used instead of protected site.) We would also like Protected site 2 to enjoy the benefits of prior authentication at the Authentication server. The solution proposed in Table 3 is that Protected site 1 should be able to inform Protected site 2 about the location of the (shared) Authentication server. Protected Site 2 can then re-direct to the authentication service and, using the steps described in (1) above, obtain an assertion.

QUESTION: is it proposed that this additional interaction between Protected site 1 and 2 be modeled within SAML?

(3). Section 1.1 ("Cross-domain Operation") describes an additional variation on (2), wherein an intermediary ("local authentication server") plays a role in the re-direct protocol between Protected Site 2 and the original authentication server.

QUESTION: are there additional requirements here that need to be modeled in SAML bindings?

- prateek

[Tim Moses] http://lists.oasis-open.org/archives/security-bindings/200106/msg00008.html