-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Speaking strictly as an individual...
> Relying on SAMl signatures viloates the one-trust-infrastructure
> design principle. In particular, it's generally a bad idea for a
> security system to force deployers to set up more than one trust
> infrastructure because those are very expensive. If we're using
> GSS-EAP we already have AAA trust. We should use that.
Not getting into any of the other points, arguably SAML trust infra-
structure is much more widely deployed than AAA infrastructure in the
environments where KDCs are widely deployed.
Also I've yet to see a practical example of the single trust-infra-
structure principle applied.
Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7Ai4YACgkQ8Jx8FtbMZncJcwCZAfSpdo5/ELSy1/9k0tvSw/c7
2+UAoLBPzXnF7EzAP+3iNlllP1XUt8sd
=f+Mg
-----END PGP SIGNATURE-----
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
