- From: Ryan Sleevi <sleevi@google.com>
- Date: Tue, 8 Jan 2013 18:44:25 -0800
- To: Mountie Lee <mountie.lee@mw2.or.kr>
- Cc: Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Tue, Jan 8, 2013 at 6:38 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote: > SAML Identity Provider generate digital signature > and SAML Service Provider verify the signature. > > normally user agent is routing data between servers (identity provider and > service provider) > > being identity provider as user agent itself is > I feel risky. > > the usecase can not be recommended. I'm not entirely sure I agree here, if only because the original request is ambiguous here. The use cases provided by Northrop-by-way-of-Harry fail to actually describe who they view as the actors in this. Who is authenticating against where, etc? In the smart card credentials case, for example, why or why not is TLS auth sufficient, etc. The whole notion of SysApps adds another dimension, so we shouldn't be quick to judge here.
Received on Wednesday, 9 January 2013 02:44:53 UTC