El 09/11/12 05:12, Diego R. Lopez escribió: > On 8 Nov 2012, at 19:28 , Sam Hartman wrote: >> If you're going to use RADSEC with a public-key based TLS cipher or if >> you're going to use SAML signatures, you need the public key of the >> signer, yes. >> I think the people proposing validation of signatures as an MTI were >> aware that public-keys would be needed to make use of signatures. >> So, I think both RADSEC and SAML signatures have similar requirements >> for public-keys in typical deployments. >> A PKI is one approach for getting these public keys. > Right. In any case you need a key distribution mechanism, PKI or > whatever. To my view, the difference is that in the case of RADSEC you > put the trust fabric on the same AAA infrastructure you are using > through ABFAB, while relying on SAML signatures require a trust > fabric on an ancilliary infrastructure. exactly
regards, Gabi. > Be goode, > > -- > "Esta vez no fallaremos, Doctor Infierno" > > Dr Diego R. Lopez > Telefonica I+D > http://people.tid.es/diego.lopez/ > > e-mail: [email protected] > Tel: +34 913 129 041 > Mobile: +34 682 051 091 > ----------------------------------------- > > > ________________________________ > > Este mensaje se dirige exclusivamente a su destinatario. Puede consultar > nuestra política de envío y recepción de correo electrónico en el enlace > situado más abajo. > This message is intended exclusively for its addressee. We only send and > receive email on the basis of the terms set out at: > http://www.tid.es/ES/PAGINAS/disclaimer.aspx -- ---------------------------------------------------------------- Gabriel Lpez Milln Departamento de Ingeniera de la Informacin y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: [email protected] _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
