John Merrells <[EMAIL PROTECTED]> writes:

> On 11-Feb-06, at 3:17 PM, Eric Rescorla wrote:
>
>> When the user contacts the Membersite (1), it responds with a web
>> page prompting the user to enter the URL of its Homesite (2). The
>> user then enters the Homesite URL (3).
>
> Actually, we call it the Homesite Path. The user provides it, so it may
> not be a well-formed URL, so we say Path and encourage the
> Membersite to turn it into a URL. e.g. yahoo.com -> http://yahoo.com/
>
>> The Membersite contacts the
>> Homesite (4,5) to determine whether the Homesite can provide the
>> appropriate kind of authentication.
>
> Capability, rather than authentication. Yes, a capability could be
> a means of authentication. i.e. MS wants a HS that can perform
> authentication with a Foo-Bar-Baz 2-factor device.

Uh, Capability has a pretty well understood meaning in information
security, and it doesn't seem to me that that matches what you're doing
here. I would advise finding a new name.

>> If it can, the Membersite
>> sends the client a redirect (6) (using Javascript) to the
>> Homesite. In some way that's not entirely clear
>
> True.
>
>> the Homesite
>> validates the request and returns a ticket to the Client (8).
>> The Client then (via Javascript?) sends the ticket to the
>> Membersite (9). The Membersite contacts the Homesite with
>> a digest of the ticket in order to confirm its validity (10).
>> If the Homesite says it's OK (11), the Membersite returns OK
>> to the Client (12).
>
> Not sure it's a Ticket, but... the HS sends a message digest
> and a signature that is a digest of the message digest and
> a HS secret... if that's a ticket then yes.
>
> The MS sends both the digest and the signature to the HS
> for verification.

Well, we're running a bit short on names (credential, ticket, token,
certificate, cookie, etc. being all taken) so I just picked the one I
thought was closest on the theory that the term you were using,
"message", wasn't that evocative.

The bottom line here is that the Homesite sends the Membersite a
message through the client that vouches for the
authentication/properties/whatever of the client/user. Ticket seems
like as good a name as anything for that.

-Ekr

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
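Steps 8 through 11 as the two of them describe them, worked through as an added Python example (not the dix protocol's code nor either author's): the Homesite issues a message digest plus a signature keyed with a Homesite secret, the Membersite forwards the pair, and the Homesite verifies it. HMAC-SHA256 is assumed as the concrete "digest of the message digest and a HS secret", and the class and field names are made up for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Ticket:
    """What the Homesite hands to the client for the Membersite (names assumed)."""
    digest: str     # hex SHA-256 of the assertion the Homesite vouches for
    signature: str  # hex keyed digest of `digest` under the Homesite secret


class Homesite:
    def __init__(self, secret: Optional[bytes] = None) -> None:
        # The HS secret never leaves the Homesite; the Membersite only forwards.
        self._secret = secret or secrets.token_bytes(32)

    def _sign(self, digest: str) -> str:
        # "A digest of the message digest and a HS secret": HMAC-SHA256 is
        # assumed here as the concrete construction.
        return hmac.new(self._secret, digest.encode(), hashlib.sha256).hexdigest()

    def issue(self, assertion: bytes) -> Ticket:
        # Step 8: hash the assertion and sign the hash.
        digest = hashlib.sha256(assertion).hexdigest()
        return Ticket(digest, self._sign(digest))

    def verify(self, digest: str, signature: str) -> bool:
        # Steps 10/11: recompute the signature and compare in constant time.
        return hmac.compare_digest(self._sign(digest), signature)


class Membersite:
    def __init__(self, homesite: Homesite) -> None:
        self._homesite = homesite

    def accept(self, ticket: Ticket) -> bool:
        # Step 9: the ticket arrives via the client; the MS cannot check it
        # itself, so it asks the HS (step 10) and relays the answer (step 12).
        return self._homesite.verify(ticket.digest, ticket.signature)


def demo() -> Tuple[bool, bool, bool]:
    hs = Homesite()
    ms = Membersite(hs)
    # Constructed sample assertion; real content is whatever the HS vouches for.
    ticket = hs.issue(b"user=alice; homesite=example.org; authn=2fa-device")
    genuine = ms.accept(ticket)
    # A tampered digest no longer matches the signature.
    flipped = "0" if ticket.digest[-1] != "0" else "1"
    altered = ms.accept(Ticket(ticket.digest[:-1] + flipped, ticket.signature))
    # A ticket from a different Homesite (different secret) is rejected.
    foreign = ms.accept(Homesite().issue(b"user=alice; homesite=example.org"))
    return genuine, altered, foreign
```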
