OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] RE: How to provide SAML assertions in RESTful services


> 
> > Help me understand your suggestion for TLS? Today we use
> > mutual-authenticated-TLS to be sure the two systems talking are
> > authenticated/authorized. We use SAML for user.
> 
> The TLS part is a way to get a secure key association between an
assertion,
> the client, and subsequent requests.
> 
So what specification do you use to associate a user's SAML assertion
with the TLS client-authentication? And is this in addition to
authenticating the client system? We don't want to have well-intentioned
users to be authenticated strongly, but be using a system that is not
secured (public computer).



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]