Subject: RE: [security-services] Comments on proposed NameID protocol
George Fletcher wrote on 2009-10-02:
> Where I'm confused with the proposal is how does the IdP authenticate a
> user for which it has no credentials?

Exactly. The identifier isn't relevant (and the IdP doesn't need it).

> It seems like if an SP joins a CoT
> it has to provide a legacy auth mechanism for its existing users. It can
> also support an upgrade path that allows its existing users to
> associate/link/bind their IdP identifier to their existing SP "account".

Right.

> This binding process is sort of the inverse of this proposed protocol.

Yes, and that's pretty much what federation via SSO *is*, the inverse. That's how it's assumed to work.

-- Scott