Shibboleth Developers

["David L. Wasley" <>]

At 5:03 PM -0400 on 9/24/03, 

 wrote:

> At 1:32 PM -0400 9/24/03, Scott Cantor wrote:
>  > maybe using PKI, and presenting a cert, would answer this
> > >  question, too
> >
> > Well, it doesn't prove anything, really, since the cert's public. If I trust
> > the SHAR to not just hand me a cert for fun, it works. The handle scheme
> > isn't really secure per se by design, but it puts the onus on a bad SHAR to
> > invent a valid handle. In the crypto handle case, that's a fairly secure
> > cross check.
>
> hmmm...  so currently the HS provides a "hard to guess, secret 
> value" to the target, and the target  uses this to refer to a user, 
> when retrieving attributes......
>
> if the target doesn't have such a value, but does have publicly 
> available information (eg a userid, a cert), is there a technical 
> solution the AA can use to satisfy itself that this is a valid 
> request? Or does it have to rely on policy (ie I know this SHAR, and 
> it has agreed to behave....)
If the requester is not "known" to the AA, it should return only 
"public information" that it would give to anyone.  What this 
information might be is a local decision.


        David

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--