Re: Cross logins

2005-08-05 Thread James A. Donald
--
James A. Donald
> > Is it possible for two web sites to arrange for
> > cross logins?

Steve Furlong
> Does this question have a practical end in mind? If
> so, can you simplify matters by running both web sites
> on the same host?

The situation envisaged is that A.com is known to B.com,
and trusted by them, but B.com is unknown to A.com.

The context is that I observe in existing internet
currencies a lot of remarkably clumsy procedures to
verify that X is the rightful account holder of account
Y. Typically the web site that you are trying to
register with will make a microspend to your account,
and you then have to demonstrate knowledge of that
microspend.

It is apparent that tools to facilitate transactions
need to be integrated with nym management software and
reputation management software.

This was discussed long ago, back in the days of the
extropian list, even before the cypherpunks list, but
though a decade has passed, such an integrated tool set
does not yet exist. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 YrtMBO44wxxM/nfE5hCE0yaIbuhetu6o+aOu+A3/
 4RIHu0PHIJAOz2EHYlgoyDbkJ12edbzWDPGlDCJy7



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Cross logins

2005-08-04 Thread Victor Duchovni
On Wed, Aug 03, 2005 at 03:15:00PM -0700, James A. Donald wrote:

> --
> Is it possible for two web sites to arrange for cross
> logins?
>
> The goal is that if someone is logged into website
> https://A.com as user127, and then browses to
> https://B.com/A_com_registrants, he will be
> automatically logged in on b.com as [EMAIL PROTECTED]

This requires B to trust A, and trust requires a shared key or
equivalently a trusted introducer. Given a shared key, A is able to sign
(shared secret HMAC, public/private keys or signed Kerberos message)
assertions about the user for B's consumption. The signature can be
in a referral URL.


http://A.com/federated_login.cgi?d=B.com&user=user127&expiration=epochtime&signature=base64data&url=...

Absent a valid cookie for a B session, B redirects the user to A's
federated login generator page (passing B's name and the url the user
wanted), and A redirects the user back to B's federated login verification
page passing back the authentication data and the original url, so the user
is taken to the right place after the credentials are verified.

-- 

 /\  ASCII RIBBON                   NOTICE: If received in error,
 \ / CAMPAIGN      Victor Duchovni  please destroy and notify
  X  AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL     Morgan Stanley   confidentiality or privilege,
                                    and use is prohibited.
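
Added example, not part of the message above or of any poster's code: a sketch of the shared-secret HMAC variant of that referral, with A issuing the signed URL and B checking it. The endpoint name `federated_verify.cgi`, the key value, the field encoding and the 60-second lifetime are assumptions made for illustration; the parameter names follow the URL in the message.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; assumption: A and B provisioned it out of band.
SHARED_KEY = b"constructed-demo-key-shared-by-A-and-B"
FIELDS = ("d", "user", "expiration", "signature", "url")

def _mac(key, d, user, expiration, url):
    # Length-prefix every field so values cannot be shifted between fields.
    parts = [f.encode() for f in (d, user, str(expiration), url)]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def issue_referral(key, verify_endpoint, d, user, url, ttl=60, now=None):
    """Site A: build the redirect that carries the signed assertion to B."""
    expiration = int(time.time() if now is None else now) + ttl
    sig = base64.urlsafe_b64encode(_mac(key, d, user, expiration, url)).decode()
    return verify_endpoint + "?" + urlencode({"d": d, "user": user,
        "expiration": expiration, "signature": sig, "url": url})

def verify_referral(key, referral, my_name, now=None):
    """Site B: return (user, url) for a valid assertion, else raise ValueError."""
    q = parse_qs(urlparse(referral).query, keep_blank_values=True)
    if any(len(q.get(k, [])) != 1 for k in FIELDS):  # missing or duplicated
        raise ValueError("malformed assertion")
    d, user, exp, sig, url = (q[k][0] for k in FIELDS)
    try:
        expiration = int(exp)
        got = base64.urlsafe_b64decode(sig)
    except ValueError:
        raise ValueError("malformed assertion")
    # Constant-time comparison; the MAC covers every field, including url.
    if not hmac.compare_digest(got, _mac(key, d, user, expiration, url)):
        raise ValueError("bad signature")
    if d != my_name:  # assertion minted for some other relying site
        raise ValueError("assertion issued for another site")
    if (time.time() if now is None else now) > expiration:
        raise ValueError("expired")
    target = urlparse(url)
    if target.scheme != "https" or target.netloc != my_name:
        raise ValueError("return url is not on this site")  # no open redirect
    return user, url
```

A valid assertion can be replayed until it expires, so the lifetime should stay short and B can additionally remember signatures it has already accepted.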



Re: Cross logins

2005-08-04 Thread Rich Salz
> Is it possible for two web sites to arrange for cross
> logins?

Check out SAML, esp the browser artifact profile.

/r$

-- 
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html




Re: Cross logins

2005-08-04 Thread Steve Furlong
On 8/3/05, James A. Donald [EMAIL PROTECTED] wrote:
> --
> Is it possible for two web sites to arrange for cross
> logins?

snippety-do-dah

Does this question have a practical end in mind? If so, can you
simplify matters by running both web sites on the same host?


(cc-ing JAD because I never see any responses to messages sent from my
GMail acct. I don't know if the GMail traffic is making it to the
list.)

-- 
There are no bad teachers, only defective children.



Re: Cross logins

2005-08-04 Thread Florian Weimer
* James A. Donald:

> Is it possible for two web sites to arrange for cross
> logins?

SXIP is a relatively open effort in that direction.  The rootsite
seems to be proprietary, though.




Re: Cross logins

2005-08-04 Thread Peter Saint-Andre

Rich Salz wrote:

> > Is it possible for two web sites to arrange for cross
> > logins?
>
> Check out SAML, esp the browser artifact profile.

Check out Passel, which lacks the complexity of SAML:

http://www.passel.org/

Peter


