dss message

Subject: RE: [dss] Requester Identity (was RE: [dss] requirements draft 4)

From: Trevor Perrin <trevp@trevp.net>
To: Nick Pope <pope@secstan.com>,Robert Zuccherato <robert.zuccherato@entrust.com>, dss@lists.oasis-open.org
Date: Mon, 05 May 2003 08:54:46 -0700

At 10:32 AM 5/5/2003 +0100, Nick Pope wrote:
>Content-Transfer-Encoding: 7bit
>
>Trevor,
>
>I see your point.  I remain neutral at the moment the about what can go in
>the "supporting infromation" other than I think that it should be there for
>extensability.
>
>I do think, as in my last point, that there should be the ability to
>indicate how the user identity was checked - passsword, kerberos, X509 etc.

I agree - but I think there's a big difference between just *indicating* 
how the user identity was checked (for which I suggest SAML) and actually 
including the hash of the password, or the kerberos ticket, which I'm more 
skeptical about.

Maybe including the X.509 cert makes sense, and I'm wondering if that can 
be done within SAML.

Trevor

References:
- RE: [dss] Requester Identity (was RE: [dss] requirements draft 4)
  - From: Trevor Perrin <trevp@trevp.net>
- RE: [dss] Requester Identity (was RE: [dss] requirements draft 4)
  - From: "Nick Pope" <pope@secstan.com>