RE: Updated SSO & Federated Identity use cases from Mary Ellen Zurko on 2007-01-15 (public-wsc-wg@w3.org from January 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Mon, 15 Jan 2007 11:51:49 -0500
To: hlockhar@bea.com
Cc: public-wsc-wg@w3.org
Message-ID: <OF3D321D41.FD27E687-ON85257264.005C9B1F-85257264.005CA2F4@LocalDomain>

Another difference is the authority (the user, vs some third party). 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




"Hal Lockhart" <hlockhar@bea.com> 
Sent by: public-wsc-wg-request@w3.org
01/08/2007 10:49 PM

To
"Sverdlov, Yakov" <Yakov.Sverdlov@ca.com>
cc
<public-wsc-wg@w3.org>
Subject
RE: Updated SSO & Federated Identity use cases






I guess I don?t get the point of Case 4. There are literally scores of 
variations on the cases 1-3 which I did not mention because the details 
may or may not matter. Certainly the systems mentioned allow the Subject 
Name identifier to be the same. Having them be different is the more 
interesting case because:
 
A. It is more general
B. It can preserve privacy.
C. In the real world people actually possess ids with different Subject 
Name Identifiers.
 
In your mind what is the critical difference in case for, other than being 
yet another data flow?
 
Hal
 

From: member-wsc-wg-request@w3.org [mailto:member-wsc-wg-request@w3.org] 
On Behalf Of Sverdlov, Yakov
Sent: Monday, January 08, 2007 8:49 AM
To: member-wsc-wg@w3.org
Subject: Updated SSO & Federated Identity use cases
 
Hi,
 
I added Identity 2.0 section to the SSO & Federated Identity Wiki page. 
After looking at the REST use cases, I don?t think they are distinct 
enough from the security context perspective, so I didn?t add them to the 
Wiki.
 
Regards,
 
Yakov Sverdlov
CA

Received on Monday, 15 January 2007 16:51:59 UTC