Subject: RE: [saml-dev] Distributed IDP model
In this model, some steps normally carried out by an IDP are delegated to the central identity authority (CIA):

(1) IDP authenticates user
(2) CIA provides artifact to IDP
(3) IDP redirects browser to SP with artifact
(4) SP sends artifact to CIA for validation
(5) CIA provides assertion to SP
(6) SP provides online services to user

It's not clear to me how standard SAML protocols would support step 2 above. What's needed is a SOAP request for which the standard response is a SAML artifact.
Did OASIS (or LAP) consider this type of distributed model? Any guidance on this would be much appreciated.
Michael McCormick, CISSP
Lead Architect, Information Security
Wells Fargo Bank
255 Second Avenue South
MAC N9301-01J
Minneapolis MN 55479
612-667-9227 (desk)  612-667-7037 (fax)
612-590-1437 (cell)  michael.mccormick@wellsfargo.com (AIM)
612-621-1318 (pager)  michael.mccormick@wellsfargo.com
"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO"
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
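
The six-step flow in the message above, simulated as an added example that is not part of the original message and does not use SAML message formats. It shows the state the CIA has to keep so that an artifact is a single-use, short-lived reference. The class and method names, the 60-second lifetime, the IDP allow-list and the binding of each artifact to its intended SP are assumptions made for illustration.

```python
import secrets
import time


class CentralIdentityAuthority:
    """Toy CIA (hypothetical): issues artifacts to IDPs, resolves them for SPs."""

    def __init__(self, trusted_idps, ttl_seconds=60):
        self.trusted_idps = set(trusted_idps)
        self.ttl = ttl_seconds
        self.pending = {}  # artifact -> (subject, idp, sp, expiry)

    def issue_artifact(self, idp, subject, sp, now=None):
        # Step 2: only an IDP the CIA trusts may vouch for a login.
        if idp not in self.trusted_idps:
            raise PermissionError("unknown IDP")
        now = time.time() if now is None else now
        artifact = secrets.token_urlsafe(20)  # opaque reference, no user data
        self.pending[artifact] = (subject, idp, sp, now + self.ttl)
        return artifact

    def resolve(self, artifact, requesting_sp, now=None):
        # Steps 4-5: pop() makes the artifact single-use, even on failure.
        now = time.time() if now is None else now
        record = self.pending.pop(artifact, None)
        if record is None:
            raise LookupError("unknown or already used artifact")
        subject, idp, sp, expiry = record
        if now > expiry:
            raise LookupError("artifact expired")
        if requesting_sp != sp:
            raise PermissionError("artifact issued for a different SP")
        return {"subject": subject, "authenticated_by": idp, "audience": sp}


def run_flow(cia, idp, subject, sp):
    artifact = cia.issue_artifact(idp, subject, sp)  # steps 1-2
    # Step 3: the browser carries only the artifact to the SP.
    return artifact, cia.resolve(artifact, sp)  # steps 4-5


if __name__ == "__main__":
    # Constructed sample names, not real endpoints.
    cia = CentralIdentityAuthority(trusted_idps={"idp.branch.example"})
    print(run_flow(cia, "idp.branch.example", "alice", "sp.example"))
```
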