OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] comments re draft-sstc-metadata-iop-03

Tom Scavo wrote on 2009-02-16:
> Today that's true, since the SAML token is bound to a gateway-issued
> proxy certificate.  But the goal is to bind the SAML token to a
> short-lived end-entity certificate (EEC) obtained just-in-time.  In
> this scenario it is not possible to bind full certificates to metadata
> since the EEC is not static.

Is the EEC about the user or about the gateway? If the latter, I don't
really follow the point of churning the certificates, but I'll take your
word for it. If the former, then you have a use case for which metadata was
explicitly NOT defined. Metadata was only about system entities, not end

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]