[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] suggested HoK URIs and namespace prefixes
> I'm not following you, Scott. In draft-02, I'm assuming that the > presenter is the subject. Yes, I'm saying that's too restrictive, but I wasn't addressing this draft so much with the comment because as I said earlier, I still think all of that protocol level discussion ought to be eliminated from it anyway. But you're right, it would be impossible to try to build subsequent profiles on top of this one if it contained that restriction or assumption. > This covers Nate's profile and the > nonbrowser use case I have in mind. Can you give an example of a use > case that does not involve the subject but still utilizes > holder-of-key? Are you referring to the delegation issue that Eve > raised earlier? Yes, exactly. In most deployments, the number of servers with keys greatly outnumbers the number of users with keys (which is usually close to zero). The most common use case for a HoK assertion is a server accessing something as the user. Obviously there are flows in which the user could still do the requesting, but that isn't always the case. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]