[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] New high level SSO use cases
Scott - This is great start. Thanks for putting this document together. I do have one question/comment. In Scenario 1-1 (SSO with destination site first), I assume that the user may or may not have been authenticated at the source site. I.e., once the user is redirected to the source site, he/she may or may not have to actually authenticate via permanent credentials. If an authenticated session exists between the user and the source site, then the source site simply produces the artifact/assertion. If my assumption is incorrect, perhaps we need to add a new scenario to cover this flow. If it is correct, it may be worthwhile stating it explicitly. Thank you again, Jahan ---------------- Jahan Moreh Chief Security Architect 310.286.3070 > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Thursday, January 30, 2003 5:47 PM > To: SAML > Subject: [security-services] New high level SSO use cases > > > And I do mean high level. > > I think I captured the primary one Jahan and Prateek (among > others) were discussing (which is more or less what Shibboleth has, > roughly speaking). > > I then included a pair of scenarios that in my mind capture most > of my "fancy" requirements at a non-technical level; that is, > having the ability to pass context information (of whatever sort) > from destination to source to affect the SSO process. > > This would presumably be, in Bob Morgan's words, "a structured, > extensible format", and is obviously ground plowed by Liberty phase > 1. > > Anyway, I included a few names as additional contributors on this > individual submission, but please let me know if you violently > object to something and want your name taken off. ;-) > > -- Scott >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC