John Kemp <[email protected]> writes: >And what is the advantage of using X.509 certificates for that ticket- >clipping service, over using bearer tokens as tickets a la Kerberos-> >SAML->OAuth? Is binding the ticket into the encrypted session with a client >secret, worth “PKI"?
X.509 is universal (technology, software support, auditors, management buy- in). It's the path of least resistance no matter how awkward, painful, and liable to be misconfigured it is. See also my other post about bCanUseTheDamnThing, when all you care about is that then you just go for whatever makes it easiest to convey bCanUseTheDamnThing to the other party. Peter. _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
