Subject: Re: [saml-dev] Non-web client authentication
Hi,

Having read the whole thread, I think that the best summary is Conor's statement:

> the user doesn't KNOW or have a way
> to prove, that it is really a browser window vs a window
> displayed by the application

Furthermore, if an application, whatever application, is behaving according to the IdP requirements in terms of protocol, data contents and trust-establishing material, how can the IdP know it is talking with a browser or with such a dedicated application?

You *must* clearly define those requirements and *should* make your IdP software not accept anything not fulfilling them, but mandating anything else is simply wishful thinking.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Red.es - RedIRIS
The Spanish NREN
e-mail: diego.lopez@rediris.es
jid: drlopez@im.rediris.es
Tel: +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------