Subject: Re: [security-services] Third-party AuthnRequest use case
On Jun 7, 2005, at 10:53 PM, Scott Cantor wrote:

>> Just to clarify, the typical portal scenario that we see is where the
>> portal is directing users authenticated by an IdP in its own
>> organization to SPs in other organizations. In this case, I wouldn't
>> expect the portal to be authorized to sign AuthnRequests on behalf of
>> those SPs.
>
> Why not? Isn't that what's happening if you want signing? I guess I figured
> this was much *more* likely if the portal was in the same domain as the IdP.
> If not, it's much less likely that such impersonation could be permitted.

I'm probably just confused, but what I thought you were suggesting was
that the portal would be trusted with the signing key of the SP, which I
wouldn't expect if the portal lives in a separate organization. So, for
example, we might have:

1) company A with IdP_A and Portal_A
2) company B with SP_B
3) company C with SP_C

If Portal_A wants to direct users authenticated by IdP_A to SP_B and
SP_C it must construct AuthnRequests that look like they come from SP_B
and SP_C. In order for Portal_A to sign those requests it would need
SP_B's and SP_C's private signing key, which doesn't seem reasonable.

-Greg

> Of course I'm not saying people must do this, I'm just trying to see whether
> signing should be just ruled out as completely incompatible with the use
> case or not...which I'd say your response would imply?
>
> At least without a protocol to initiate the request process at an SP, which
> isn't defined now.
>
> -- Scott
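
The scenario in the message above, seen from the IdP's side, as an added example that is not part of the thread or of any SAML product: IdP_A verifies an HTTP-Redirect AuthnRequest signature against the key listed in the named Issuer's metadata, so a request naming SP_B but signed with Portal_A's own key is rejected. The entity IDs, the keys, the metadata map and the function names `buildRedirectQuery` and `idpCheck` are constructed for illustration, and the regex Issuer extraction stands in for a real XML parser.

```javascript
// Added illustration; entity IDs, keys and the metadata map are constructed.
const crypto = require('crypto');
const zlib = require('zlib');

const SIG_ALG = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const spB = newKey();      // private key held only by company B
const portalA = newKey();  // private key held only by company A's portal

// IdP_A's view of its partners: entityID -> public key taken from SP metadata.
const idpMetadata = new Map([['https://sp-b.example/saml', spB.publicKey]]);

// Build the HTTP-Redirect query string; sign it only if a private key is given.
function buildRedirectQuery(issuer, privateKey) {
  const xml = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ' +
    `ID="_${crypto.randomBytes(16).toString('hex')}" IssueInstant="${new Date().toISOString()}">` +
    `<saml:Issuer>${issuer}</saml:Issuer></samlp:AuthnRequest>`;
  // Redirect binding: raw DEFLATE, then base64, then URL-encoding.
  let query = 'SAMLRequest=' + encodeURIComponent(zlib.deflateRawSync(xml).toString('base64'));
  if (privateKey) {
    query += '&SigAlg=' + encodeURIComponent(SIG_ALG);
    // The signature covers the query string exactly as sent, up to and including SigAlg.
    const sig = crypto.sign('sha256', Buffer.from(query), privateKey);
    query += '&Signature=' + encodeURIComponent(sig.toString('base64'));
  }
  return query;
}

// IdP side: decide what the request proves about the Issuer it names.
function idpCheck(query, requireSigned) {
  const params = new URLSearchParams(query);
  const xml = zlib.inflateRawSync(Buffer.from(params.get('SAMLRequest'), 'base64')).toString();
  const issuer = (xml.match(/<saml:Issuer>([^<]+)<\/saml:Issuer>/) || [])[1];
  const key = idpMetadata.get(issuer);
  if (!key) return 'reject: unknown issuer';
  const cut = query.indexOf('&Signature=');
  if (cut < 0) return requireSigned ? 'reject: unsigned' : 'accept: unsigned, issuer unproven';
  if (params.get('SigAlg') !== SIG_ALG) return 'reject: unsupported SigAlg';
  const ok = crypto.verify('sha256', Buffer.from(query.slice(0, cut)), key,
    Buffer.from(params.get('Signature'), 'base64'));
  return ok ? 'accept: signed by issuer' : 'reject: signature does not match issuer key';
}
```

With `requireSigned` set to `false` the IdP still accepts a portal-built request, but only as an unsigned one whose Issuer is unproven.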