OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Straw Man 2: Proxy use case


I'd like to suggest another variant on the Detailed Use Cases, Scenario 2:
Single Sign-On, Push Model.

I'll tentatively call this Single Sign-On, Proxy Model. In this model, the
user authenticates to a proxy and then sends a request, including
credentials, to the proxy. The proxy generates OSSML assertions, attaches
them to the request, and forwards the request to the destination web site.
The destination web site replies to the proxy, and the proxy forwards the
reply back to the client.

Alternatively, the initial message from the client to the proxy could
include both the authentication credentials and the request rather than
having a separate round-trip for authentication.

There are two sub-variants to this use case: In some cases the proxy will
return OSSML tokens of some sort to the client, and the client will use
those tokens (most likely in the form of HTTP cookies) to make subsequent
requests within the single-sign-on session. In the other variant, the proxy
has an existing session mechanism with the client. In that case, the proxy
can store the OSSML tokens and transparently attach them to subsequent
requests within that session.

 - irving -


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC