[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] suggested HoK URIs and namespace prefixes
On Wed, Aug 20, 2008 at 11:14 AM, Scott Cantor <cantor.2@osu.edu> wrote: > >> Are you referring to the delegation issue that Eve raised earlier? > > Yes, exactly. In most deployments, the number of servers with keys greatly > outnumbers the number of users with keys (which is usually close to zero). Not in grid deployments, no, that is far from true. > The most common use case for a HoK assertion is a server accessing something > as the user. So at least now I think I understand where some of your comments are coming from. Comments such as: why couldn't a server bind a key to an assertion where the key was obtained previously, out of band? I made some assumptions about this use case and suggested a patch to the profile to accommodate it (i.e., a timestamp), but at least one person (Conor) had a problem with that scenario. So I'm not sure what to do about it. > Obviously there are flows in which the user could still do the requesting, > but that isn't always the case. Well, then I think the onus is on you to clarify these other use cases so that we can take them into consideration. The dialogue thus far suggests this might be a useful exercise. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]