OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Use Case & Requirements Doc Strawman 1 Issues List


>>>>> "AR" == Anders Rundgren <anders.rundgren@telia.com> writes:

    >> ISSUE[UC-1-02:ThirdParty] Use case scenario 3 (single sign-on,
    >> third party) describes a scenario in which a Web user logs in
    >> to a particular 3rd-party security provider which returns an
    >> authentication reference that can be used to access multiple
    >> destination Web sites.

    AR> This is clearly a case of redundancy.  If it is a third-party
    AR> security provider or business party ought to be
    AR> technology-independent IMO.

I would counter that even if it would probably have the same
implementation, it's a separate scenario. Rather than being a peer
relationship between 2 Web sites, it's a one-to-many relationship
between a security service provider and multiple destination sites.

In the concall yesterday, you brought up the fact that there are
technical difficulties with this scenario. We all know 10 ways for
transferring a token between a source and destination site, but
transferring one between a security provider and multiple destination
sites is a little bit trickier.

I'd suggest that, since A2ML (is this an official name yet?) will
probably be used for this kind of service, we should leave in the
scenario. Leaving it out would allow architectures that wouldn't
support the case.

~ESP




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC