[OGSA-AUTHZ] Next Telecon
David Chadwick
d.w.chadwick at kent.ac.uk
Wed Nov 1 09:47:19 CST 2006
Hi Tom
Sorry but I have to disagree with you.
Tom Scavo wrote:
> In the final analysis, yes, but the Grid SP (taken as a whole) needs
> to know 1) what is the preferred IdP of the user,
Why does it need to know this? Surely the SP only needs to know which
IdPs it trusts, but not which user is associated with which IdP. Only
the user needs to know this and will choose it himself by WAYF or other
means.
> and 2) what AA
> endpoint to query. Before the CVS can determine the latter, the PEP
> must supply the former.
I agree with this (except that for small grids, the CVS can have a set
of preconfigured AAs that it trusts. Actually even large grids can make
do with this if there are a few globally trusted AAs. Consider Visa and
Amex for instance. All the shopkeepers in the world only need to know
these two or three AAs and no more for them to accept requests from the
entire global population.)
> So I claim the unique identifier of the IdP
> (entityID) must travel from the user to the PEP to the CVS.
I disagree. From the user to the PEP yes, since this will use it for
authentication, but the CVS does not need to know this information.
> Then and
> only then can the CVS determine the appropriate endpoint to query.
No, the message from the PEP can contain this information directly.
regards
David
>
> Tom
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************