On Mon, Dec 12, 2011 at 2:50 AM, Leif Johansson <[email protected]> wrote:
> On 12/11/2011 06:43 PM, DIEGO LOPEZ GARCIA wrote:
>> But in OpenID Connect the token is used to get access to the
>> attributes, not for establishing trust between the RP (the client
>> in OpenID parlance) and the attribute source. As Alan stated, going
>> this way you cannot get rid of the need for two parallel trust
>> infrastructures, and I think that is the essential argument for
>> transferring the SAML data inside RADIUS.
>
> Sorry. I thought dereferencing an attribute handle was exactly what
> Nico was talking about here.

Well. I was addressing part of the trust issue as well. Instead of
simply getting a URI to dereference you'd also get some cryptographic
metadata with which to authenticate either the location or the
dereferenced data itself.

Nico
--
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
