OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] New high level SSO use cases


Scott,
Good document, but I have a question/comment. Is the user deciding where the
source site is which (s)he needs to authenticate against? I assume not, since
the document states in all scenarios "Destination site redirects the user
to a source site".
If that's the case, the picture for Use case 1, between lines 64 and 65, should
show somehow that it's a redirection and not a self-initiated call to authenticate
to the source site; same for all the other UML flows, unless I have not understood
the flow correctly.

Thanks

Bhavna

>Date: Thu, 30 Jan 2003 20:46:52 -0500
>From: Scott Cantor <cantor.2@osu.edu>
>Subject: [security-services] New high level SSO use cases
>To: SAML <security-services@lists.oasis-open.org>
>
>And I do mean high level.
>
>I think I captured the primary one Jahan and Prateek (among others) were
>discussing (which is more or less what Shibboleth has, roughly speaking).
>
>I then included a pair of scenarios that in my mind capture most of my "fancy"
>requirements at a non-technical level; that is, having the ability to pass
>context information (of whatever sort) from destination to source to affect
>the SSO process.
>
>This would presumably be, in Bob Morgan's words, "a structured, extensible
>format", and is obviously ground plowed by Liberty phase 1.
>
>Anyway, I included a few names as additional contributors on this individual
>submission, but please let me know if you violently object to something and
>want your name taken off. ;-)
>
>-- Scott

________________________________________________________________________ 
Bhavna Bhatnagar                		Sun Microsystems Inc.		 
Identity Management group	 __o
Tel: 408-276-3591              _`\<,_	
                              (*)/ (*)
 ________________________________________________________________________ 




