shibboleth-dev - RE: authentication authority
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: authentication authority
- Date: Fri, 7 Oct 2005 09:59:41 -0400
- Organization: The Ohio State University
> I think you've got it, though I don't understand why you think it
> only makes sense if the CA and IdP are in separate domains. From my
> perspective bridging mechanisms has the same impact here as domains.
My sequence of steps involved authenticating to MyProxy with SAML. Tom's did
not, it assumed the MyProxy used the same authentication source as the SAML
IdP. That's not feasible unless the MyProxy is in the same domain as the
IdP.
In the former case, while I suppose you could invent a lot of new stuff to
enable use of SAML to authenticate to MyProxy, I don't think anyone would
bother if it shared a domain already with the authentication source.
That's why I think the domains matter.
-- Scott
- Re: authentication authority, (continued)
- Re: authentication authority, Brent Putman, 10/14/2005
- Re: authentication authority, Tom Scavo, 10/14/2005
- Re: authentication authority, Tom Barton, 10/14/2005
- Re: authentication authority, Tom Scavo, 10/14/2005
- RE: authentication authority, Scott Cantor, 10/14/2005
- Re: authentication authority, Tom Scavo, 10/14/2005
- Re: authentication authority, Scott Cantor, 10/14/2005
- Re: authentication authority, Brent Putman, 10/14/2005
- Re: authentication authority, Tom Scavo, 10/14/2005
- RE: authentication authority, Scott Cantor, 10/07/2005
- Re: authentication authority, Tom Scavo, 10/08/2005
- Re: authentication authority, Von Welch, 10/09/2005
Archive powered by MHonArc 2.6.16.