OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] searching for a use case

On 6/23/06, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
> > > My only *guess* is that they are trying to allow for
> > protection of the
> > > data independent of the TLS provider (so, perhaps, if they put a
> > > separate TLS endpoint in the network nearby the IdP, the data would
> > > still be protected all the way to the IdP).
> >
> > But what would be the function of this middle "endpoint"?  It
> > would have to be outside the firewall to warrant encryption,
> > but in that case, what could such an endpoint do with an
> > attribute request whose NameID is encrypted?
> The TLS endpoint can be inside the firewall, but not co-located with
> the IdP.  Just because you're inside the firewall, doesn't mean we
> trust the network and potential interlopers.

Okay, I'll accept that the middle endpoint could be inside the
firewall.  Can you give a real-world example of what this endpoint
might do?  Why is it in the middle?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]