[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Question about the HoK Web Broswer SSOProfile
> > 2. If only server certificates are being used, the IDP > could perform the > > Authnetication for the SP. The SP will still have to know > how to do TLS, but > > not, for example how to validate a hardware token. > > I suppose that's part of it. To me, the value is in > offloading the PKI to the IdP. The SP doesn't have to > validate the certificate, it just has to compare it to the > one the IdP put in the assertion. But the SP still has to be able to do the TLS protocol, correct? Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]