Subject: RE: [security-services] comments re draft-sstc-metadata-iop-03
Tom Scavo wrote on 2009-02-16:

> Today that's true, since the SAML token is bound to a gateway-issued
> proxy certificate. But the goal is to bind the SAML token to a
> short-lived end-entity certificate (EEC) obtained just-in-time. In
> this scenario it is not possible to bind full certificates to metadata
> since the EEC is not static.

Is the EEC about the user or about the gateway? If the latter, I don't really follow the point of churning the certificates, but I'll take your word for it. If the former, then you have a use case for which metadata was explicitly NOT defined. Metadata was only about system entities, not end users.

-- Scott