Subject: RE: [security-services] I: [security-services] Token correlation (Nate's summary)
> I think it can be useful to post the following conversation with Thinh, it can
> help to clarify.

It tells me your use case can be adjusted to solve the problem without the addition.

> Suppose that a business transaction is restarted by the intermediary
> then the IDP issues a new token whose <subject> is set to INT
> and the Service Provider receives a request with a SAML <subject> set to
> INT.

You can instead set the Subject to the identity of the original source of the transaction. You can use a DelegationCondition to express the intermediary as an involved party, and your problem is solved. This is delegation. I said this on the original call, and in email.

> In my opinion, each SP will need to know the following:
> which business transaction invoked the service,
> who the real requestor is,
> when the IDP issued the token to authorize the transaction execution.

You get all that with delegation.

> Therefore, to produce this information, the intermediary will need to carry
> the token defined for the original requestor (C1, C2, ...Cn)

No, it doesn't.

-- Scott
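The pattern Scott describes, as an added example that is not part of the thread: the IdP keeps the Subject set to the original requestor (C1) and lists the intermediary (INT) as a delegate in a Condition, and the SP reads back the real requestor, the intermediaries and the issue instant. Element and attribute names follow the SAML 2.0 Delegation Restriction condition (namespace urn:oasis:names:tc:SAML:2.0:conditions:delegation); the issuer URL, IDs and timestamps are constructed sample values, and signature verification is omitted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DEL = "urn:oasis:names:tc:SAML:2.0:conditions:delegation"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for p, ns in (("saml", SAML), ("del", DEL), ("xsi", XSI)):
    ET.register_namespace(p, ns)

def q(ns, tag):
    return f"{{{ns}}}{tag}"

def build_assertion(issuer, requestor, delegates, issued, lifetime=timedelta(minutes=5)):
    """IdP side: Subject stays the original requestor; each intermediary that
    handled (or restarted) the transaction is listed as a Delegate instead."""
    a = ET.Element(q(SAML, "Assertion"), ID="_constructed-1", Version="2.0",
                   IssueInstant=issued.isoformat())
    ET.SubElement(a, q(SAML, "Issuer")).text = issuer
    subj = ET.SubElement(a, q(SAML, "Subject"))
    ET.SubElement(subj, q(SAML, "NameID")).text = requestor
    cond = ET.SubElement(a, q(SAML, "Conditions"), NotBefore=issued.isoformat(),
                         NotOnOrAfter=(issued + lifetime).isoformat())
    dr = ET.SubElement(cond, q(SAML, "Condition"),
                       {q(XSI, "type"): "del:DelegationRestrictionType"})
    for name, when in delegates:
        d = ET.SubElement(dr, q(DEL, "Delegate"), DelegationInstant=when.isoformat())
        ET.SubElement(d, q(SAML, "NameID")).text = name
    return ET.tostring(a, encoding="unicode")

def verify(xml_text, now, trusted_issuer, allowed_intermediaries):
    """SP side: returns (real requestor, intermediaries, issue instant), the
    facts the thread says each SP needs, or raises ValueError."""
    a = ET.fromstring(xml_text)
    if a.findtext(q(SAML, "Issuer")) != trusted_issuer:
        raise ValueError("untrusted issuer")
    cond = a.find(q(SAML, "Conditions"))
    if not (datetime.fromisoformat(cond.get("NotBefore")) <= now
            < datetime.fromisoformat(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    requestor = a.findtext(f"{q(SAML, 'Subject')}/{q(SAML, 'NameID')}")
    delegates = [d.findtext(q(SAML, "NameID")) for d in cond.iter(q(DEL, "Delegate"))]
    unknown = [d for d in delegates if d not in allowed_intermediaries]
    if unknown:  # an intermediary the SP does not trust handled the request
        raise ValueError(f"unexpected intermediary: {unknown}")
    return requestor, delegates, datetime.fromisoformat(a.get("IssueInstant"))

T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
ASSERTION = build_assertion("https://idp.example", "C1", [("INT", T0)], T0)
```

A real deployment must also check the XML signature over the assertion before trusting any of these fields.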