
security-services message



Subject: RE: [security-services] Credentials Collector proposal for SAML 2 .0...


Hi Irving,
 
I agree completely; I've thought of this use case as well.  However, it seemed easier to start with the translator model first, since this is the one that most people appear to want solved right away.  I think we can move on to model 2.3 after that.
 
Carlisle.
 
-----Original Message-----
From: Irving Reid [mailto:Irving.Reid@baltimore.com]
Sent: Tuesday, April 01, 2003 6:10 PM
To: 'Carlisle Adams'; 'security-services@lists.oasis-open.org'
Subject: RE: [security-services] Credentials Collector proposal for SAML 2 .0...

Looks good overall. My main comment is that there is one important use case where model 2.3 (CC as local authenticator) may be the only possibility. SSL mutual authentication in web servers is almost always buried in the server, so it may not be possible for the AA to get itself into the middle of the proof-of-possession conversation. This leaves a sort of in-between trust model, where the AA can do the certificate validation but needs to trust that the CC has correctly done the proof of possession.
 

 - irving -

-----Original Message-----
From: Carlisle Adams [mailto:carlisle.adams@entrust.com]
Sent: Tuesday, March 11, 2003 2:16 PM
To: 'security-services@lists.oasis-open.org'
Subject: [security-services] Credentials Collector proposal for SAML 2.0...

Hi all,

I've finally gotten around to updating and filling out the Credentials Collector proposal.  I've tried to take into account the brief discussions a few of us have had so far on this topic.  Further comment/discussion is welcome, on the list and perhaps in an upcoming concall.

Carlisle.

<<SAML Credentials Collector.doc>>




