shibboleth-dev - Draft Holder-of-Key Web SSO Profile #2
Subject: Shibboleth Developers
List archive
- From: Nate Klingenstein <>
- To:
- Subject: Draft Holder-of-Key Web SSO Profile #2
- Date: Mon, 18 Feb 2008 04:07:11 +0000
Round two!
The feedback has been very useful. I've made the following decisions and changes in addition to the ones that I've already stated over the weekend, factoring in feedback both on- and off-list.
Added the following to the background to address Diego's concerns about different TLS configuration/CA requirements and the impact on the user experience. "Deployments should minimize user interaction and avoid mutually conflicting CA requirements by coordinating certificate issuance and TLS configuration."
Changed many references from "web browser" to "[HTTP] user agent". This should generalize the profile to encompass non-web-browser HTTP user agents, but if I were to expand this to include any application- layer protocol I think it would be too hopelessly broad, leaving little to profile. SOAP over HTTP already has good protocols and profiles to choose from. I retained the name "Web Browser" and the associated identifying URN for consistency with the existing profile, but I'm not certain that's best.
Hope you guys like it,
Nate.
Attachment:
draft-sstc-saml-keyed-browser-sso-wd-01.pdf
Description: Adobe PDF document
- Draft Holder-of-Key Web SSO Profile #2, Nate Klingenstein, 02/17/2008
- Re: Draft Holder-of-Key Web SSO Profile #2, Chad La Joie, 02/21/2008
- RE: Draft Holder-of-Key Web SSO Profile #2, Scott Cantor, 02/21/2008
- Re: Draft Holder-of-Key Web SSO Profile #2, Chad La Joie, 02/21/2008
Archive powered by MHonArc 2.6.16.