imi message

Subject: RE: [imi] Question regarding encryption

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Mario Ivkovic'" <mario.ivkovic@iaik.tugraz.at>
Date: Mon, 7 Dec 2009 12:55:36 -0500

Mario Ivkovic wrote on 2009-12-07:
> In my envisaged scenario the user would sign an RP defined message, add
> it as an additional claim and transmit it to the IdP. The IdP adds the
> users public key to the token and signs it. This can be seen as a HoK
proof.

Or...just do HoK as it's already defined.

> The only problem is, that this is not possible with the current spec.

All that's needed is an addition defining how to sign the message in which a
token is submitted via form POST, which isn't terribly difficult to do.

-- Scott

Follow-Ups:
- Re: [imi] Question regarding encryption
  - From: Mario Ivkovic <mario.ivkovic@a-sit.at>

References:
- [OASIS Issue Tracker] Created: (IMI-25) ic09:X509Principal andic09:X509SubjectAndIssuer introduced in locations that violate IMI 1.0schema
  - From: OASIS Issues Tracker <workgroup_mailer@lists.oasis-open.org>
- Question regarding encryption
  - From: Mario Ivkovic <mario.ivkovic@a-sit.at>
- Re: [imi] Question regarding encryption
  - From: John Bradley <jbradley@mac.com>
- Re: [imi] Question regarding encryption
  - From: Mario Ivkovic <mario.ivkovic@a-sit.at>
- Re: [imi] Question regarding encryption
  - From: John Bradley <jbradley@mac.com>
- Re: [imi] Question regarding encryption
  - From: John Bradley <jbradley@mac.com>