Subject: RE: [xdi] Link Contract Authentication Requirement
I think XDI needs to support PKI (Federal/DoD market, some enterprise market), OAUTH (rest of enterprise market), and none (hobbyists and people learning the technology). I think SAML can be an add-on later.

What I'd recommend is that we focus on a generic token-based credential passing authentication, message signing, and message encryption, and leave the specific mechanisms for a separate document. This lets people with different needs use the same core spec but use different security profiles.

So to sum up:

Core doc: XDI Signing, XDI message based encryption, incorporation of i-name and zero or more authentication tokens

Later (in near term) docs...
.. PKI-based XDI authentication, specifically with details on using a CAC and covering CRLs, etc.
.. OAUTH-based XDI Authentication
.. Web of Trust authentication (Connect.me, PGP, etc.)

-Bill

-----Original Message-----
From: Michael Schwartz [mailto:mike@gluu.org]
Sent: Friday, June 03, 2011 10:04 AM
To: OASIS - XDI TC
Cc: yuriy@gluu.org
Subject: [xdi] Link Contract Authentication Requirement

I think OX needs to support 4 authentication trust models:

1) None (secure network is trust model)
2) PKI (requester publishes public key, and signs messages)
3) SAML (organization signs message)
4) OAUTH (requester publishes consumer IDP and username, and is re-directed there for authentication)

I think it would be convenient to have XRI vocabulary to express these policies in a Link contract.

Thoughts?

- Mike

--------------------------------------------------------------------------------------
Michael Schwartz
Gluu
Founder, CEO
mike@gluu.org
https://www.gluu.org
+1 646-810-8761