security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: SAML as attribute-certificate vehicle?


These are just some thoughts from a SAML "list-lurker".

A problem with the X509 AC is that the infrastructure is
not entirely in place.  SAML could be one such replacement.

Scenario:

1. The client authenticates to an AA site using client-side PKI
   and SSL authentication.

2. The client clicks on a target-link on the AA site that creates a
   signed assertion (=AC) containing a reference to the PKC.

3. The client is redirected to the RP site, which also performs
   SSL client-side authentication and verifies that the assertion,
   which it also reads, contains the proper PKC-ref.

Pardon me if the existing SAML specification already supports this.

This can be combined with a Passport-like operation by contacting the 
RP first.

Cheers,

Anders Rundgren
X-OBI
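The RP-side check in step 3 is the security-relevant part of the scenario: the assertion must be bound to the same PKC the client just presented over SSL, otherwise an assertion captured from one client could be replayed by another. The example below is added here and is not from the original post; it models the three steps with constructed stand-ins (an HMAC in place of the XML signature, byte strings in place of DER certificates, a SHA-256 fingerprint as the assumed PKC-ref encoding) so it runs offline.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the AA's assertion-signing key (XML-DSig key in real SAML).
AA_SIGNING_KEY = b"constructed-aa-signing-key"
# Constructed byte strings standing in for the DER-encoded PKCs presented during SSL client auth.
CLIENT_PKC = b"constructed DER cert for CN=alice"
OTHER_PKC = b"constructed DER cert for CN=mallory"


def pkc_ref(cert_der: bytes) -> str:
    """PKC reference embedded in the assertion: assumed to be a SHA-256 cert fingerprint."""
    return hashlib.sha256(cert_der).hexdigest()


def _sign(body: dict) -> str:
    # Canonicalise deterministically so AA and RP sign/verify identical bytes.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AA_SIGNING_KEY, canon, hashlib.sha256).hexdigest()


def aa_issue_assertion(client_cert: bytes, audience: str, now: float, ttl: int = 300) -> dict:
    """Step 2: the AA issues a signed assertion bound to the PKC the client authenticated with."""
    body = {
        "issuer": "https://aa.example",          # hypothetical AA identifier
        "audience": audience,                     # the RP this assertion is intended for
        "pkc_ref": pkc_ref(client_cert),          # binds the assertion to the holder's PKC
        "not_on_or_after": now + ttl,
    }
    return {"body": body, "sig": _sign(body)}


def rp_verify(assertion: dict, presented_cert: bytes, rp_audience: str, now: float) -> bool:
    """Step 3: the RP verifies signature, audience, lifetime, and that the SSL client cert
    presented to it matches the PKC-ref inside the assertion (holder-of-key check)."""
    body = assertion["body"]
    if not hmac.compare_digest(_sign(body), assertion["sig"]):
        return False                              # forged or tampered assertion
    if body["audience"] != rp_audience:
        return False                              # assertion meant for a different RP
    if now >= body["not_on_or_after"]:
        return False                              # expired
    # Reject a valid assertion replayed by a client holding a different PKC.
    return hmac.compare_digest(body["pkc_ref"], pkc_ref(presented_cert))
```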