security-services message

Subject: RE: [security-services] Third-party AuthnRequest use case


> I'm probably just confused, but what I thought you were suggesting was 
> that the portal would be trusted with the signing key of the SP, which 
> I wouldn't expect if the portal lives in a separate organization.

No, I'd use a different phrasing...the portal might be trusted with a key
that is authorized by an IdP to sign particular messages (say, an
AuthnRequest) as the SP. That doesn't mean the portal has the SP's key. It
just means that the portal's key is authorized (probably by only one IdP) to
sign for the SP in some constrained way.

As I said, I can't speak for others, but our implementation separates (or at
least can separate) the keys an entity can use from the entity's "identity".

-- Scott
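A sketch of the key-authorization idea described in this reply (an IdP deciding which key may sign which message type on behalf of which entity, so a portal's key can sign an AuthnRequest as the SP without holding the SP's key), added here as an example and not code from any SAML implementation. The entity IDs, key ids, and the HMAC stand-in for XML signature verification are constructed.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed key material. A real IdP would hold public keys/certificates
# from metadata; HMAC secrets keep the example self-contained and offline.
KEYS = {
    "sp-key": b"constructed-sp-secret",
    "portal-key": b"constructed-portal-secret",
}

# Authorization records kept by this IdP: (key id, issuer it may sign as,
# message type). The SP's own key may sign anything as the SP; the portal's
# key is constrained to AuthnRequest as the SP. Key use is recorded
# separately from the entity's identity, as the reply describes.
AUTHORIZATIONS = {
    ("sp-key", "https://sp.example.org", "AuthnRequest"),
    ("sp-key", "https://sp.example.org", "LogoutRequest"),
    ("portal-key", "https://sp.example.org", "AuthnRequest"),
}

@dataclass
class Message:
    issuer: str       # entityID asserted in <saml:Issuer>
    msg_type: str     # e.g. "AuthnRequest"
    body: bytes
    key_id: str       # which registered key produced the signature
    signature: bytes

def _payload(msg_type, issuer, body):
    # Bind the signed bytes to the asserted issuer and message type.
    return msg_type.encode() + b"|" + issuer.encode() + b"|" + body

def sign(msg_type, issuer, body, key_id):
    mac = hmac.new(KEYS[key_id], _payload(msg_type, issuer, body), hashlib.sha256).digest()
    return Message(issuer, msg_type, body, key_id, mac)

def verify(msg):
    """Return (accepted, reason): the signature must check out AND the
    signing key must be authorized for this issuer and message type."""
    key = KEYS.get(msg.key_id)
    if key is None:
        return False, "unknown signing key"
    expected = hmac.new(key, _payload(msg.msg_type, msg.issuer, msg.body), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg.signature):
        return False, "signature does not verify"
    if (msg.key_id, msg.issuer, msg.msg_type) not in AUTHORIZATIONS:
        return False, f"{msg.key_id} is not authorized to sign {msg.msg_type} as {msg.issuer}"
    return True, "ok"
```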
