Subject: Re: ..the notorious bearer subject..
>>>>> "TM" == Tim Moses <tim.moses@entrust.com> writes:

    TM> Evan - To my mind, anonymity and authentication method are
    TM> separate issues.

Absolutely. But I don't see "bearer" as an "authentication method."

I suspect we have different ideas about what "authentication" means. Are you using "authentication method" to mean, "how the relying party determines that an assertion really applies to some subject"?

    TM> It is possible for an anonymous individual to be strongly
    TM> authenticated, not merely through possession of a bearer
    TM> token.

OK, well, I guess I'm a little confused, then. We're talking about the "bearer" option that appears in multiple places on the whiteboard from F2F3, right?

    TM> On the other hand, it is possible for a uniquely-identifiable
    TM> individual to be authenticated through a bearer token.

I'm having a hard time seeing how that one works. I guess I thought of the "bearer" in most of the diagrams as being XOR'd from any other identity.

    TM> So, I think bearer tokens are only as applicable in the
    TM> anonymous case as they are in all other cases.

OK. I guess I was seeing it as replacing the subject in some assertions. For de-identified* subjects, I guess there are a few other ways of specifying the subject besides "bearer" (e.g., holder-of-this-key).

~ESP

* I can't remember if we are using this term or not.

--
Evan Prodromou, Senior Architect
eprodromou@securant.com
Securant Technologies, Inc.
415-856-9551