-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Josh,
>>> This is an interesting use-case. >>> >>> What do you think is the benefit to dynamic cross-layer >>> provisioning of credentials (which I think is what you're >>> describing) over an out-of-band pre-provisioning of credentials? >>> For example, the network operator already presumably includes >>> some credentials in the end user's device for accessing the >>> network (such as a SIM). Why not just use the same credential for >>> applications? Doesn't this bring the same stakeholder benefits >>> that you describe at the end of section 2? >> >> I don't really understand your question. I assume that the service >> provider and the IdP are in different administrative domains, so >> surely you don't want to exchange user credentials across those? > > Doesn't Abfab solve that use-case? E.g. I use my operator-provisioned > SIM credentials to authenticate (using Abfab) to the service > provider. I think so yes, that is why I believe it is proposed in abfab. The draft says: "Inspired by the previous work, this document considers a use case which telecom operator acts as Identity provider (IdP) and federates with non-Web applications, e.g. Email, Messaging." So I think Yinxing proposes an abfab use-case.... but probably Yinxing can better answer that himself.... Klaas -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4USTQACgkQH2Wy/p4XeFKTywCgzC1s0IK5Zyr4kXELVWiJIcFU fTAAn0brdXmAbaGD+n45+apn8BIQ/ZsV =wnjf -----END PGP SIGNATURE----- _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
