OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Use Case & Requirements Doc Strawman 1 Issues List


> my point here is that the need for a "security discovery" service
> has nothing to do with browsers. It should be kept distinct from
> the web browser use-case. Providing this type of service
> is a reasonable requirement that the use-case group can discuss
> should it choose to do so.
> I do not follow your statements:
> > where the latter is effectively involving the RP performing a 
> > challenge-response authentication on the AP,
> > after first giving AP its identity and cred-requirements.  
> I do not see what this has to do with providing a "security discovery"
> security service.

Well, it was you who defined the "security discovery".   The "cred-requirements" as
stated above is the only thing I have insisted on.  It is an integrated
"security discovery" rather than a generic separate service.  Here lies also the "privacy" stuff
burried.  It is though possible that this can be generalized which is a step more fancy than
I initially planned it.  But even then such data are just parts of the message contents needed
to accomplish Shibboleth.  Think I need to dig a little bit more here...

Still a little bit curious about the general view of C-R auth as descibed above.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC