W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2013

Re: Another use-case re authentication

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 8 Jan 2013 18:44:25 -0800
Message-ID: <CACvaWva0iX-oyON_gPHMkiBMGc+E6Pa=FrHw=BUnzfh0DL07zg@mail.gmail.com>
To: Mountie Lee <mountie.lee@mw2.or.kr>
Cc: Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Tue, Jan 8, 2013 at 6:38 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:
> SAML Identity Provider generate digital signature
> and SAML Service Provider verify the signature.
>
> normally user agent is routing data between servers (identity provider and
> service provider)
>
> being identity provider as user agent itself is
> I feel risky.
>
> the usecase can not be recommended.

I'm not entirely sure I agree here, if only because the original
request is ambiguous here. The use cases provided by
Northrop-by-way-of-Harry fail to actually describe who they view as
the actors in this. Who is authenticating against where, etc? In the
smart card credentials case, for example, why or why not is TLS auth
sufficient, etc.

The whole notion of SysApps adds another dimension, so we shouldn't be
quick to judge here.
Received on Wednesday, 9 January 2013 02:44:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:14 UTC