security-services message

Subject: Re: ..the notorious bearer subject..


>>>>> "TM" == Tim Moses <tim.moses@entrust.com> writes:

    TM> Evan - To my mind, anonymity and authentication method are
    TM> separate issues.

Absolutely. But I don't see "bearer" as an "authentication method."
I suspect we have different ideas about what "authentication" means.

Are you using "authentication method" to mean, "how the relying party
determines that an assertion really applies to some subject"?

    TM> It is possible for an anonymous individual to be strongly
    TM> authenticated, not merely through possession of a bearer
    TM> token.

OK, well, I guess I'm a little confused, then. We're talking about the
"bearer" option that appears in multiple places on the whiteboard from
F2F3, right?

    TM> On the other hand, it is possible for a uniquely-identifiable
    TM> individual to be authenticated through a bearer token.

I'm having a hard time seeing how that one works. I guess I thought of
the "bearer" in most of the diagrams as being XOR'd from any other
identity.

    TM> So, I think bearer tokens are only as applicable in the
    TM> anonymous case as they are in all other cases.

OK. I guess I was seeing it as replacing the subject in some
assertions. For de-identified* subjects, I guess there are a few other
ways of specifying the subject besides "bearer" (e.g., holder-of-this-key).

~ESP

* I can't remember if we are using this term or not.

-- 
Evan Prodromou, Senior Architect        eprodromou@securant.com
Securant Technologies, Inc.             415-856-9551
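As an added illustration (not part of the original message or of any OASIS draft) of the distinction drawn above between "bearer" and "holder-of-this-key" confirmation for a de-identified subject, here is a toy relying-party check. The assertion structure, the key registry and the HMAC-based possession proof (a stand-in for a signature with the subject's key) are all assumptions:

```python
"""Toy relying-party check: 'bearer' vs 'holder-of-key' subject confirmation."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Assertion:
    subject: str                 # may be a pseudonym for a de-identified subject
    confirmation: str            # "bearer" or "holder-of-key" (assumed vocabulary)
    key_id: Optional[str] = None # holder-of-key: which key the subject must prove


# Constructed key registry (key id -> shared secret). In a real deployment this
# would be the subject's public key carried in or referenced by the assertion.
KEYS = {"key-42": b"subject-secret-material"}


def prove_possession(key_id: str, challenge: bytes) -> bytes:
    """Presenter side: demonstrate possession of the key named in the assertion."""
    return hmac.new(KEYS[key_id], challenge, hashlib.sha256).digest()


def relying_party_accepts(assertion: Assertion,
                          presenter_proof: Optional[bytes] = None,
                          challenge: Optional[bytes] = None) -> bool:
    """Decide whether the party presenting the assertion counts as its subject.

    bearer:         possession of the assertion itself is the only binding, so
                    whoever holds it (including someone who captured it) passes.
    holder-of-key:  the presenter must additionally answer a fresh challenge
                    with the key the assertion names, so the pseudonymous
                    subject stays de-identified yet cannot be impersonated by
                    mere possession of the assertion.
    """
    if assertion.confirmation == "bearer":
        return True
    if assertion.confirmation == "holder-of-key":
        if presenter_proof is None or challenge is None:
            return False
        if assertion.key_id not in KEYS:
            return False
        expected = hmac.new(KEYS[assertion.key_id], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, presenter_proof)
    return False  # unknown confirmation method: fail closed
```

The bearer branch deliberately has nothing to check, which is exactly why a captured bearer assertion is as good as the original to a relying party.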
