[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Re: Proposed Agenda for SSTC Call (May 18, 2010)
> Another way to approach this would be to embed an Assertion inside an > AuthnRequest via an Extension as the provisioning flow, and perhaps > duplicate the assertion subject into the AuthnRequest to "connect" them. > That's just the inverse of my suggestion. That might be more consistent with > existing flows but without fundamentally reinventing anything. Forgot to mention, obviously this is superficially more like the original AddSubject proposal that I was objecting to, but the difference is: - it's not a new protocol, rather it's carried along with a standard SSO request - it's front-channel, with security properties that are already understood - the assertion acts as a security token and has subject confirmaation, an audience, etc., rather than just acting as data -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]