Re: [security-services] IDP Proxying & Distributed Authentication - Scott Cantor - org.oasis-open.lists.security-services

4 messages in org.oasis-open.lists.security-servicesRe: [security-services] IDP Proxying ...

From	Sent On	Attachments
Paul Madsen	Jun 7, 2007 11:47 am
Scott Cantor	Jun 8, 2007 1:48 pm
Tom Scavo	Jun 8, 2007 6:17 pm
Scott Cantor	Jun 8, 2007 6:34 pm

Subject:	Re: [security-services] IDP Proxying & Distributed Authentication
From:	Scott Cantor (cant...@osu.edu)
Date:	Jun 8, 2007 6:34:56 pm
List:	org.oasis-open.lists.security-services

Tom Scavo wrote:

I agree, this is what we do, and it works well. By nesting an assertion in Advice, an IdP implicitly asserts: 1) I am an IdP Proxy, 2) I trust the IdP indicated in the nested assertion, and 3) I have validated the response that previously contained the nested assertion.

That would violate privacy in the general case, I was referring to passing along the context, not an assertion.

-- Scott

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets