OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] RE: AuthenticationMethod / NameIdentifierand Kerberos authentica tion

On Tue, 13 Apr 2004, John Kemp wrote:

> >I'm arguing (unlike Polar) that both are acceptable to *some* people, but
> >that (like Polar) one is clearly Kerberos to the relying party's decision
> >making process, and the other may not be.
> >
> >Hiding that distinction is, IMHO, bad.
> >
> >
> >
> I think that we should not hide the distinction, and I also don't think
> we *need* to hide the distinction - both pieces of information can be
> supplied by the IdP.

For what my opinion is worth, I agree.

I would like to be able to identify the principal who gave the "crown
jewels" of this authentication to a friggin web server, so I can label
that principal as untrusted, and never to be trusted again.


> - JohnK
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]