Subject: FW: [provision] DU0002 RA - PSP Create Accounts
One last thing. I don't think we should address organization information enabling a more diverse nature of organizing identities per implementation without creating dependencies within the protocol. So, if organization information is needed, it would be part of the identity schema.
Tony
-----Original Message-----
From: Tony Gullotta
Sent: Monday, April 15, 2002 10:40 AM
To: 'Darran Rolls'; provision@lists.oasis-open.org
Subject: RE: [provision] DU0002 RA - PSP Create Accounts

I concur with Darran with one change and one addition.
1. I don't believe step "e" below is needed unless we're implying the PSP is going to resend the status to the RA if the RA does not acknowledge the previous message within a time threshold.
2. It appears as though this use case has implied prior trust being established between the RA and the PSP. Is this sufficient for this first phase, or should we address a less trusting model? I'm thinking about something that requires some sort of certificate of authenticity is needed to ensure the identity information being passed is accurate. This could be the RA's certification if trust has been pre-established, or a third party if not. This would most likely be something that SAML could help out with.
Tony