[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Use Case & Requirements Doc Strawman 1 Issues List
>>>>> "AR" == Anders Rundgren <anders.rundgren@telia.com> writes: >> ISSUE[UC-1-02:ThirdParty] Use case scenario 3 (single sign-on, >> third party) describes a scenario in which a Web user logs in >> to a particular 3rd-party security provider which returns an >> authentication reference that can be used to access multiple >> destination Web sites. AR> This is clearly a case of redundancy. If it is a third-party AR> security provider or business party ought to be AR> technology-independent IMO. I would counter that even if it would probably have the same implementation, it's a separate scenario. Rather than being a peer relationship between 2 Web sites, it's a one-to-many relationship between a security service provider and multiple destination sites. In the concall yesterday, you brought up the fact that there are technical difficulties with this scenario. We all know 10 ways for transferring a token between a source and destination site, but transferring one between a security provider and multiple destination sites is a little bit trickier. I'd suggest that, since A2ML (is this an official name yet?) will probably be used for this kind of service, we should leave in the scenario. Leaving it out would allow architectures that wouldn't support the case. ~ESP
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC