Subject: SAML as attribute-certificate vehicle?
These are just some thoughts from a SAML "list-lurker".

A problem with the X509 AC is that the infrastructure is not entirely in place. SAML could be one such replacement.

Scenario:

1. The client authenticates to an AA site using client-side PKI and SSL authentication.
2. The client clicks on a target-link on the AA site that creates a signed assertion (=AC) containing a reference to the PKC.
3. The client is redirected to the RP site that also performs SSL client-side authentication and verifies that the assertion it also reads contains the proper PKC-ref.

Pardon me if the existing SAML specification already supports this.

This can be combined with a Passport-like operation by contacting the RP first.

Cheers,
Anders Rundgren
X-OBI
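The RP-side check in step 3 of the scenario above, as an added example that is not part of the original message: the RP accepts the assertion only if the AA's signature verifies and the PKC reference matches the certificate presented in its own SSL session. Assumptions: the PKC reference is a SHA-256 fingerprint, the assertion is a JSON stand-in rather than SAML XML, HMAC with a key shared by AA and RP stands in for the AA's public-key signature, and all names and certificate bytes are constructed.

```python
import base64
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a shared key stands in for the AA's public-key
# signature so the example runs on the standard library alone.
AA_KEY = b"constructed-demo-key"
# Constructed placeholders for the DER bytes of two client certificates.
ALICE_CERT = b"constructed-cert-alice"
MALLORY_CERT = b"constructed-cert-mallory"

def pkc_ref(cert_der: bytes) -> str:
    """Reference to a PKC: SHA-256 fingerprint of its encoding (assumed format)."""
    return hashlib.sha256(cert_der).hexdigest()

def aa_issue(client_cert_der: bytes, attributes: dict) -> str:
    """Step 2: the AA binds the attributes to the cert seen in its SSL session."""
    body = json.dumps({"pkc_ref": pkc_ref(client_cert_der), "attrs": attributes},
                      sort_keys=True).encode()
    tag = hmac.new(AA_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())

def rp_verify(token: str, tls_client_cert_der: bytes) -> dict:
    """Step 3: the RP checks the signature, then the binding to its SSL peer cert."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:
        raise PermissionError("malformed assertion") from exc
    expected = hmac.new(AA_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("assertion signature invalid")
    claims = json.loads(body)  # parsed only after the signature has verified
    # The binding check: without it, anyone holding a copy of the assertion
    # could present it over an SSL session authenticated with another cert.
    if not hmac.compare_digest(claims["pkc_ref"], pkc_ref(tls_client_cert_der)):
        raise PermissionError("assertion is bound to a different certificate")
    return claims["attrs"]

if __name__ == "__main__":
    token = aa_issue(ALICE_CERT, {"role": "buyer"})
    print(rp_verify(token, ALICE_CERT))
    try:
        rp_verify(token, MALLORY_CERT)
    except PermissionError as err:
        print("rejected:", err)
```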