shibboleth-dev - RE: Draft Holder-of-Key Web SSO Profile #2
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Draft Holder-of-Key Web SSO Profile #2
- Date: Thu, 21 Feb 2008 10:58:51 -0500
- Organization: The Ohio State University
> So, as Nate and I discussed, the real question comes down whether the
> ability to interoperate with the current profile is really necessary.
> My personal take is that if you're doing HoK you probably actually care
> that you are gaining the security benefits Nate has outlined in his
> profile. I find the ability for an IdP to insert something like a
> bearer confirmation method in and basically silently destroy this added
> level of security, very disturbing.
I do also, I was going to note the same thing when he talked about "reusing"
the same endpoints.
By definition you can't use bearer here or it's a waste of effort.
-- Scott
- Draft Holder-of-Key Web SSO Profile #2, Nate Klingenstein, 02/17/2008
- Re: Draft Holder-of-Key Web SSO Profile #2, Chad La Joie, 02/21/2008
- RE: Draft Holder-of-Key Web SSO Profile #2, Scott Cantor, 02/21/2008
- Re: Draft Holder-of-Key Web SSO Profile #2, Chad La Joie, 02/21/2008
Archive powered by MHonArc 2.6.16.