OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Question about the HoK Web Broswer SSOProfile




> > 2. If only server certificates are being used, the IDP 
> could perform the
> > Authnetication for the SP. The SP will still have to know 
> how to do TLS, but
> > not, for example how to validate a hardware token.
> 
> I suppose that's part of it. To me, the value is in 
> offloading the PKI to the IdP. The SP doesn't have to 
> validate the certificate, it just has to compare it to the 
> one the IdP put in the assertion.

But the SP still has to be able to do the TLS protocol, correct?

Hal


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]