[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Use Case & Requirements Doc Strawman 1 Issues List
Prateek > my point here is that the need for a "security discovery" service > has nothing to do with browsers. It should be kept distinct from > the web browser use-case. Providing this type of service > is a reasonable requirement that the use-case group can discuss > should it choose to do so. > > I do not follow your statements: > > > where the latter is effectively involving the RP performing a > > challenge-response authentication on the AP, > > after first giving AP its identity and cred-requirements. > > I do not see what this has to do with providing a "security discovery" > security service. Well, it was you who defined the "security discovery". The "cred-requirements" as stated above is the only thing I have insisted on. It is an integrated "security discovery" rather than a generic separate service. Here lies also the "privacy" stuff burried. It is though possible that this can be generalized which is a step more fancy than I initially planned it. But even then such data are just parts of the message contents needed to accomplish Shibboleth. Think I need to dig a little bit more here... Still a little bit curious about the general view of C-R auth as descibed above. Anders
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC