Subject: Re: Contradictory requirements?
>>>>> "TM" == Tim Moses <tim.moses@entrust.com> writes:

TM> Evan - It sounds like you don't really believe in the second
TM> of your two proposals.

It was a straw man argument, thrown up to be beaten down. B-)

TM> So, let's look only at the first. My problem with it is in
TM> the last line:

TM> "etc., etc., etc."

TM> Web server n gets Ticket 1 (which does not contain an
TM> authenticator), issued by Web server 1, from Web server n-1.

Sorry, but I think you misread that. Web Server N gets Ticket N-1 from Web Server N-1. It requests an AuthC Assertion from Web Server N-1 and gets AuthC Assertion 1 (made by Web Server 1, the original authenticator).

TM> It has no idea where the ticket has been between Web server 1
TM> and Web server n-1. So, it has no way of judging whether it
TM> is still associated with the same browser.

TM> It must blindly trust all intermediaries, without knowing who
TM> they are (or even how many they are).

No, it only has to trust N-1 (for the ticket), and 1 (for the assertion). That's the only one it has dealings with.

~ESP

--
Evan Prodromou, Senior Architect eprodromou@securant.com
Securant Technologies, Inc. 415-856-9551