
shibboleth-dev - RE: OS X info, webDAV use case

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: RE: OS X info, webDAV use case
  • Date: Wed, 24 Sep 2003 17:03:06 -0400

At 1:32 PM -0400 9/24/03, Scott Cantor wrote:
> maybe using PKI, and presenting a cert, would answer this
> question, too

Well, it doesn't prove anything, really, since the cert's public. If I trust
the SHAR to not just hand me a cert for fun, it works. The handle scheme
isn't really secure per se by design, but it puts the onus on a bad SHAR to
invent a valid handle. In the crypto handle case, that's a fairly secure
cross check.


hmmm... so currently the HS provides a "hard to guess, secret value" to the target, and the target uses this to refer to a user, when retrieving attributes......

if the target doesn't have such a value, but does have publicly available information (e.g. a userid, a cert), is there a technical solution the AA can use to satisfy itself that this is a valid request? Or does it have to rely on policy (i.e. I know this SHAR, and it has agreed to behave....)
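Added example, not part of the original message and not Shibboleth's own code: a sketch of the cross-check the thread attributes to the crypto handle, where the AA can verify that the HS really issued a handle to the requesting SHAR, which a public userid or cert cannot show. It assumes an HMAC-authenticated (not encrypted) handle and a key shared by the HS and AA; `ORIGIN_KEY`, `issue_handle` and `resolve_handle` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key, assumed to be shared by the HS and the AA at the origin.
ORIGIN_KEY = b"constructed-demo-key-not-for-production"


def issue_handle(principal, shar, ttl=300, now=None):
    """HS side: mint an opaque handle bound to one SHAR and an expiry time."""
    now = time.time() if now is None else now
    claims = {"p": principal, "shar": shar, "exp": int(now + ttl)}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(ORIGIN_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()


def resolve_handle(handle, requesting_shar, now=None):
    """AA side: return the principal only if the handle is authentic,
    unexpired and presented by the SHAR it was issued to; otherwise None."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(handle.encode())
    except ValueError:  # not base64 at all, e.g. a bare userid
        return None
    tag, body = raw[:32], raw[32:]
    expected = hmac.new(ORIGIN_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # guessed, invented or tampered handle
    claims = json.loads(body)  # safe to parse: the body is authenticated
    if claims["shar"] != requesting_shar or now >= claims["exp"]:
        return None  # replayed by another SHAR, or expired
    return claims["p"]


if __name__ == "__main__":
    shar = "https://target.example/shar"  # constructed SHAR name
    h = issue_handle("jdoe", shar)
    print(resolve_handle(h, shar))        # handle minted by the HS
    print(resolve_handle("jdoe", shar))   # public identifier only
```

A request carrying only the public userid fails the check, so for that case the AA is left with the policy decision the message asks about.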
