OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: HoK Web SSO Profile and security context

Section 2.4 of the HoK Web SSO Profile discusses using the public or  
session key to create a security context.

However, I don't understand how this security context should be  
manifested. For example, does this mean that the application-layer  
session (e.g. cookie state) can be substituted by transport (TLS)  
based session? Or does it mean that transport-derived crypto material/ 
state can be used to mint bearer-aware cookies for the application  
session? Or does it mean something else entirely?

Thanks, josh.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]