shibboleth-dev - RE: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1
- Date: Mon, 4 Feb 2008 12:49:07 -0500
- Organization: The Ohio State University

> Sorry, I missed out my assumption that you'd be authenticating the
> *source* of the public key. Obviously if you don't do that you're in
> trouble.

I guess maybe I mistook the intent to *be* the means of authenticating the
source in some manner. Specifically in conjunction with "I know I'm
accessing the SP's metadata endpoint". That has lots of holes due to lack of
transport authentication of course.

> The question is whether if you *are* authenticating the source
> of the public key, adding PoP on top gives you anything you need (in the
> context of people handing a federation operator a public key to be
> embedded in metadata).

No, then it amounts to saying your authentication itself is broken, as the
paper implies.

Of course, doing no authentication at all is analogous to an SSH or OpenID
model of just registering anybody with a key and then just making sure they
keep using that key. It is obviously the case that this was one of the use
cases behind the handler.

-- Scott