Subject: Non-web client authentication
I need an authentication profile for clients that are not web-based. In our architecture we cannot trust applications to handle the principal's credentials. We are planning to implement some compromise between user comfort and user credential privacy. Here is an outline of what we will do:

1. The application must initiate an authentication session with the identity provider. It gets a session key back (and a URL to open to the user).
2. The application launches a browser with the given URL including the session key.
3. The user must present his credentials at the web page.
4. The identity provider login portal tells the user that he is successfully authenticated and should return to application X.
5. The user clicks OK in the application, signalling that authentication is performed.
6. The application sends a request to the identity provider with the session key asking if the user is successfully authenticated.
7. The application gets back a response that the user is successfully authenticated, and maybe some user attributes.

The protocol between the application and the IdP is SAML.

Here is an old draft with more details, but somewhat outdated: http://domen.uninett.no/~andreas/FEIDE/nonweb-profile.html

Is there anyone who has standardised something like this? And if not, is there any interest in doing so within OASIS? If not, is there any other forum that could be interested - Liberty?

I would think that there are several others who have the same problems that we have, and have implemented it somehow; please point us in the direction of other similar approaches.

Kind regards,
Andreas.

-- 
Andreas Åkre Solberg
Andreas.Solberg@uninett.no
UNINETT - http://uninett.no
Contact Info and PGP Public Key: http://andreas.solweb.no/?Account=Work
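As an added illustration, not part of Andreas's post or of the FEIDE draft, here is a toy model of the flow above in Python: the application only ever holds the session key, the credentials are entered in the browser step and never pass through the application, and the status query is bound to the application that started the session and can be read only once. The class name IdentityProvider, the USERS store, the login URL shape and the returned attribute are assumptions made for the example.

```python
import hmac
import secrets
import time

USERS = {"andreas": "correct horse battery staple"}  # constructed; plaintext only for the toy

class IdentityProvider:
    def __init__(self, ttl_seconds=300):
        self.sessions = {}  # session key -> record
        self.ttl = ttl_seconds

    def start_session(self, app_id):
        # Step 1: the application gets an unguessable session key and the URL
        # to open in the user's browser (URL shape is assumed).
        key = secrets.token_urlsafe(32)
        self.sessions[key] = {"state": "pending", "app": app_id, "subject": None,
                              "attrs": None, "expires": time.time() + self.ttl}
        return key, "https://idp.example/login?session=" + key

    def browser_login(self, key, username, password):
        # Step 2: handled in the browser, so the application never sees credentials.
        s = self.sessions.get(key)
        if s is None or s["state"] != "pending" or time.time() > s["expires"]:
            return False
        if not hmac.compare_digest(USERS.get(username, "").encode(), password.encode()):
            return False
        s.update(state="authenticated", subject=username,
                 attrs={"affiliation": "student"})  # constructed attribute
        return True

    def query_status(self, key, app_id):
        # Step 3: the answer is bound to the app that opened the session and the
        # record is dropped once read, so the session key cannot be reused.
        s = self.sessions.get(key)
        if s is None or s["app"] != app_id or time.time() > s["expires"]:
            return {"authenticated": False}
        if s["state"] != "authenticated":
            return {"authenticated": False}
        del self.sessions[key]
        return {"authenticated": True, "subject": s["subject"], "attributes": s["attrs"]}

def demo():
    # Full flow: start, browser login, user clicks OK, application checks status.
    idp = IdentityProvider()
    key, _url = idp.start_session("app-X")
    idp.browser_login(key, "andreas", USERS["andreas"])
    return idp.query_status(key, "app-X")

if __name__ == "__main__":
    print(demo())
```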