Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploaded

I'm not sure that principal-level confirmation can be obtained within the federation protocol per se; the principal isn't a direct peer in that protocol and is trusting the authentication authority to act on its behalf. As Scott suggested earlier in this thread, this may appropriately be a guidance matter for authentication authorities, rather than something that falls within the scope of a protocol spec.

--jl

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, October 29, 2003 11:32 AM
To: Linn, John; 'Beach, Michael C'; security-services@lists.oasis-open.org
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploaded

> I didn't think to look back at earlier drafts before posting
> my message earlier today, but did so subsequently. -02,
> e.g., makes the statement "Means shall be specified enabling
> the authentication authority to obtain explicit confirmation
> by the principal before a federation is established." The
> intent was that a means to obtain consent must be available,
> not to mandate that the authentication authority (acting
> according to its policy) must invoke that means on every
> federation instance.

Subtle, but true. Question...does ID-FF in your mind address that requirement? I'm not sure I'd claim that it has actually specified such a means.

-- Scott