shibboleth-dev - Re: authentication authority
Subject: Shibboleth Developers
- From: Scott Cantor <>
- To: Tom Scavo <>
- Cc:
- Subject: Re: authentication authority
- Date: Sat, 08 Oct 2005 15:26:39 -0400
Tom Scavo wrote:
> On 10/6/05, Scott Cantor <> wrote:
>> - supporting pseudonymity using transient subject names
>
> We've considered every NameIdentifier under the sun. ShibHandle is
> just one possibility but X509SubjectName is still a strong contender.
> As long as proxy certs remain transparent (with respect to identity),
> X509SubjectName makes a lot of sense.

Since the authentication credential itself is still X.509, I think that's pretty much a given, yeah.

> Yes, there's more support for NameIDs in SAML 2.0, but I don't think
> that's relevant for us since we're hoping for an implementation by the
> end of the calendar year. Thus SAML 2.0 doesn't seem to be in the
> cards for us.

I know, but that wasn't my point. If you're going to invent new profiles or protocols in SAML 1.1, I'd just reinvent NameID mapping from 2.0, I wouldn't bother with authentication assertions that aren't being used for authentication.

-- Scott