[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
|
[higgins-dev] Notes from higgins-dev call June 8 2006
|
- From: "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Jun 2006 16:44:27 -0400
- Delivered-to: higgins-dev@eclipse.org
- Importance: Normal
Attendees: BrianGershon(Interra), KevinTurner(JainRain),
PaulTrevithick(SocialPhysics), MaryRuddy(SocialPhysics), JanCamenisch(IBM),
RajN(IBM), BrianCarrol(Serena), MikeMcIntosh(IBM)
Status of STS integration (MikeM)
---------------------------------
- still working on getting the Relying Party cert
- we think we know how to do get the cert
- Kim Cameron is fixing some bugs in his blog relying site
- This is the site we're testing with (it may be the only one)
Status of PIP/HBX working with BrianG (Interra)
-----------------------------------------------
- discussion of RSS-P and form filling integration
Discussion of STS capabilities
------------------------------
- Kim's blog takes a few short cuts
- The <object> tag tells you who needs to issue the token, required claims,
and type of token
- But you are supposed to also be able to find out the security policy of
the RP site
- This is not yet supported now.
- The convention he created is use his website's SSL cert as the key to
encrypt the token
- Brian: how will the STS be extended? Mike: continued development is
planned after we get past demos
To-dos
------
* Paul said he would verify that the RSS-P URL's id that HBX posts to the RP
site is a constant for that user