OASIS Mailing List Archives

saml-dev message


Subject: Re: [saml-dev] Non-web client authentication


Having read the whole thread, I think that the best summary is Conor's

> the user doesn't KNOW or have a way
> to prove, that it is really a browser window vs a window
> displayed by the application

Furthermore, if an application, whatever application, is behaving
according to the IdP requirements in terms of protocol, data
contents and trust-establishing material, how can the IdP know
it is talking with a browser or with such a dedicated application?

You *must* clearly define those requirements and *should* make your IdP
software not accept anything not fulfilling them, but mandating
anything else is simply wishful thinking.

Be goode,

"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez

Red.es - RedIRIS
The Spanish NREN

e-mail: diego.lopez@rediris.es
jid:    drlopez@im.rediris.es
Tel:    +34 955 056 621
Mobile: +34 669 898 094
