OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] suggested HoK URIs and namespace prefixes

> I'm not following you, Scott.  In draft-02, I'm assuming that the
> presenter is the subject.

Yes, I'm saying that's too restrictive, but I wasn't addressing this draft
so much with the comment because as I said earlier, I still think all of
that protocol level discussion ought to be eliminated from it anyway.

But you're right, it would be impossible to try to build subsequent profiles
on top of this one if it contained that restriction or assumption.

> This covers Nate's profile and the
> nonbrowser use case I have in mind.  Can you give an example of a use
> case that does not involve the subject but still utilizes
> holder-of-key?  Are you referring to the delegation issue that Eve
> raised earlier?

Yes, exactly. In most deployments, the number of servers with keys greatly
outnumbers the number of users with keys (which is usually close to zero).
The most common use case for a HoK assertion is a server accessing something
as the user.

Obviously there are flows in which the user could still do the requesting,
but that isn't always the case.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]