OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Credentials Collector proposal for SAML 2 .0...

Title: Credentials Collector proposal for SAML 2.0...
Hi Prateek,
I used the term "translator", rather than "proxy" or "intermediate", to underscore the idea that the CC actually receives messages and/or credentials in one syntax and forwards them on to the AA in another syntax.  It's actually doing a translation function, rather than a collect-and-forward function.
Yes, I think that a proprietary token wrapped in SAML would be OK, except that both the SE and the AA need to understand the token contents, so something proprietary is not ideal here.
-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Tuesday, April 01, 2003 11:37 AM
To: 'Carlisle Adams'; 'security-services@lists.oasis-open.org'
Subject: RE: [security-services] Credentials Collector proposal for SAML 2 .0...

I think the main use-case of interest to us is CC as translator (case 2.2). I am curious though why you used the term "translator" instead of "proxy" or "intermediate". I had thought of this as a case where some entity other than the AA collects credentials and then interacts with the AA to obtain a SAML assertion or other proof of authentication (e.g., such as a proprietary token). BTW, what is your view of the AA returning a proprietary token? I guess as long as it was "wrapped" in SAML we are OK.
Examples of such internediates include web farms or a web site that communicates with my "home site" (e.g., place of employment) for authentication purposes.
I agree with your recommendation that we focus on Type 1 messages in case 2.2. So our main focus would be defining an expressive request-response protocol between CC and AA.
- prateek

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]