[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Non-web client authentication
Den Mar 3, 2006 kl. 16:43 skrev Cahill, Conor P: > I don't know how you can say that you don't trust an > application running on the user's computer since that > application, if it was a bad guy, could do pretty much > anything on the computer including replacing the browser > with their own thing that looks like a browser. On > top of that, the application, once it gets the user > signed in, is trusted to do the right thing for the user. Well, the problem is not bad application and bad user, but good user and bad application. A user should trust the interface in which she enters her credentials. And a user cannot trust a random application. > That said, the probably easiest thing to do would be for > your application to act as a local web server and do > an authen request to the IdP with a response going to > localhost:theportyourlistening to. Then your client > could just act as an SP speaking to the IdP through > the browser SSO profile. I do not fully understand your suggestion. Are you talking about "webscraping" a login service. That's not a "real" solution. -- Andreas Åkre Solberg Andreas.Solberg@uninett.no UNINETT - http://uninett.no Contact Info and PGP Public Key: http://andreas.solweb.no/?Account=Work
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]