On Dec 12, 2011, at 4:59 PM, Nico Williams wrote:

> On Mon, Dec 12, 2011 at 2:50 AM, Leif Johansson <[email protected]> wrote:
>> On 12/11/2011 06:43 PM, DIEGO LOPEZ GARCIA wrote:
>>> But in OpenID Connect the token is used to get access to the
>>> attributes, not for establishing trust between the RP (the client
>>> in OpenID parlance) and the attribute source. As Alan stated, going
>>> this way you cannot get rid of the need for two parallel trust
>>> infrastructures, and I think that is the essential argument for
>>> transferring the SAML data inside RADIUS.
>>
>> Sorry. I thought dereferencing an attribute handle was exactly what
>> Nico was talking about here.
>
> Well. I was addressing part of the trust issue as well. Instead of
> simply getting a URI to dereference you'd also get some cryptographic
> metadata with which to authenticate either the location or the
> dereferenced data itself.

Yes, that is also what I had in mind when I talked about "trusted introducer".

Klaas

>
> Nico
> --
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab
