Those that exist in the ether for the Plasma project have suddenly decided that they would like to see a new capability that I am not sure is doable in the ABFAB space. Or rather I think it is partly doable but not complete.
They have decided that in some circumstances they want to validate and get information about both the user and the computer that is being used by the client. It is relatively easy to do the authentication portion using the TTLS EAP method if both the client and the server know that it needs to be done. However, I do not know of any way to do the following:

1. Have the RP tell the IdP that it wants to have both the client machine and the client user authenticated.
2. Allow the RP to send a SAML query to the IdP to get attributes of the client machine.

They also want to be able to get access to a NIA type assessment of the client machine, but I am doing my best to ignore that for the moment. I don't have enough knowledge of NIA to even make a guess if this is a doable operation.

Jim

_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
