James A. Donald wrote:
>     --
> Is it possible for two web sites to arrange for cross 
> logins?
> 
> The goal is that if someone is logged into website 
> https://A.com as user127, and then browses to 
> https://B.com/A_com_registrants, he will be 
> automatically logged in on b.com as [EMAIL PROTECTED]

project athena was being funded to the tune of $50m split between dec
and ibm. my wife and I got to go by periodically and review their
projects. on one of the visits we were on the leading edge of working
out the details of kerberos cross-domain operation.

in the following years ... it turns out that the protocol wasn't the big
issue ... it was establishing the business trust between two independent
organizations (not the protocol issues) ... random past kerberos posts
http://www.garlic.com/~lynn/subpubkey.html#kerberos

however, maybe two years ago, i saw a presentation on a saml
cross-domain deployment ... that went into some details on the message
flows. I happened to observe that the basic message flows looked exactly
like the kerberos cross-domain message flows (dating back to start of
kerberos cross-domain). first, the person doing the presentation was
surprised that anybody in the audience had ever heard of kerberos ...
and then they finally allowed that their might just be a limited number
of ways of doing cross-domain operation.

saml reference:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to