[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] RE: AuthenticationMethod / NameIdentifierand Kerberos authentica tion
On Tue, 13 Apr 2004, John Kemp wrote: > >I'm arguing (unlike Polar) that both are acceptable to *some* people, but > >that (like Polar) one is clearly Kerberos to the relying party's decision > >making process, and the other may not be. > > > >Hiding that distinction is, IMHO, bad. > > > > > > > I think that we should not hide the distinction, and I also don't think > we *need* to hide the distinction - both pieces of information can be > supplied by the IdP. For what my opinion is worth, I agree. I would like to be able to identify the principal who gave the "crown jewels" of this authentication to a friggin web server, so I can label that principal as untrusted, and never to be trusted again. Cheers, -Polar > > - JohnK > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]