Re: Another use-case re authentication from Mountie Lee on 2013-01-09 (public-webcrypto@w3.org from January 2013)

From: Mountie Lee <mountie.lee@mw2.or.kr>
Date: Wed, 9 Jan 2013 11:38:27 +0900
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAE-+aYJ0Njny=uxrZFjBifq3b-Jx-MT28oFdTJM+O2PA5iDngw@mail.gmail.com>

SAML Identity Provider generate digital signature
and SAML Service Provider verify the signature.

normally user agent is routing data between servers (identity provider and
service provider)

being identity provider as user agent itself is
I feel risky.

the usecase can not be recommended.


On Tue, Jan 8, 2013 at 3:07 AM, Harry Halpin <hhalpin@w3.org> wrote:

>  ****
>
> **We have some use-cases from Northrop, who emailed it directly to use
> (they are IEs in the WG). Here they are in the form they sent for the
> record. I think they can merge into some of the existing use-cases.  Some
> of it (SAML, smartcard is only partially covered by the Crypto WG) but the
> digital signing of the tokens credentials for SAML could be done.
> **
>
> **-------
> **
>
> Secure Identity Use-Case:
> ********
> Single user:
>
> ·         User is authenticated with username + password****
>
> ·         User is authenticated with username + password and is asked
> follow up questions****
>
> ·         User is authenticated and site key is display or captcha****
>
> ·         User is authenticated with smartcard credentials****
>
> ·         User is authenticated with One Time Password****
>
> ·         User is authenticated with credentials and SAML tokens are
> generated to be used for SSO****
>
> ** **
>
> Multiple users on a single computer:****
>
> ·         User A is authenticated with username + password to site A****
>
> ·         User B is authenticated with username + password to site A****
>
> ·         User A is authenticated with username + password to site A and
> is asked follow up questions****
>
> ·         User B is authenticated with username + password to site A and
> is asked follow up questions****
>
> ·         User A is authenticated with credentials and SAML tokens are
> generated to be used for SSO****
>
> ·         User B is authenticated with credentials and SAML tokens are
> generated to be used for SSO****
>
> ** **
>



-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Wednesday, 9 January 2013 02:39:15 UTC