mace-opensaml-users - RE: [OpenSAML] PAOS binding
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Cc: "'Jonathan Tellier'" <>
- Subject: RE: [OpenSAML] PAOS binding
- Date: Thu, 14 Oct 2010 15:38:30 -0400
- Organization: The Ohio State University
It's probably semi-relevant that I just submitted a new proposal for a
version 2.0 ECP profile:
http://wiki.oasis-open.org/security/SAML2EnhancedClientProfile
The main addition in this draft is support for channel bindings, which
allows the client to authenticate the web service through the IdP without
relying on what passes for authentication in the SSL world today.
I'll also be adding holder of key support in a later draft, which is
particularly useful for "SPs as clients" since they generally have keys.
This should give us something more like a Kerberos level of security instead
of passing around bearer tokens.
-- Scott
- [OpenSAML] PAOS binding, Jonathan Tellier, 10/13/2010
- RE: [OpenSAML] PAOS binding, Scott Cantor, 10/13/2010
- Re: [OpenSAML] PAOS binding, Brent Putman, 10/13/2010
- Re: [OpenSAML] PAOS binding, Valery Tschopp, 10/14/2010
- RE: [OpenSAML] PAOS binding, Scott Cantor, 10/14/2010
- Re: [OpenSAML] PAOS binding, Tom Scavo, 10/14/2010
- RE: [OpenSAML] PAOS binding, Scott Cantor, 10/14/2010
- Re: [OpenSAML] PAOS binding, Jonathan Tellier, 10/18/2010
- Re: [OpenSAML] PAOS binding, Tom Scavo, 10/14/2010
- RE: [OpenSAML] PAOS binding, Scott Cantor, 10/14/2010
Archive powered by MHonArc 2.6.16.