Re: [higgins-dev] How specify the authentication method in the Relying P

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [higgins-dev] How specify the authentication method in the Relying Party Security Policy

From: Christopher Taylor <christopher.taylor@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 12 May 2009 15:17:12 +0200
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Thunderbird 2.0.0.21 (Windows/20090302)

Leonardo,

AFAIK you can't specify the authentication method as part of the RPpolicy. The reasoning behind this is that the RP has a trustrelationship with the STS and trusts the method that the STS uses to be"good enough". This also makes sense because the RP would have no way tocheck if the STS actually used a specific method or just claims it did.

Of course the STS could support a set of (non-standard) claims thatassert that a certain method was used, which the RP could then requirein its policy.


hth,
 --Chris

Leonardo Straniero schrieb:

Hi All,
I am trying to understand how to specify in the Relying Party SecurityPolicy the authentication method (e.g. username/pwd, X509 certificate,…) a user has to use to authenticate to the IP/STS when requestingsecurity tokens.
I think it is necessary to insert another parameter into the RP’s*web.xml* file.
I saw in a security policy example a field “*Issuer*” as follows:



*  <param-name>Issuer</param-name>*

*  <param-value>shib2.internet2.edu</param-value>*
I know the Higgins STS provides some endpoints:

* *
*…./services/MetadataX509Token* (X509Authentication)
*…/services/MetadataUsernameToken *(UsernamePasswordAuthentication)
and so on.
Is it possible to insert another parameter (for example aMetadataReference parameter that identifies the STST endpoint to beused) to specify the authentication method? Do you know if, adding aparameter like this, CardSpace will properly manage it and select onlythe cards that meet the required authentication method?
Any ideas?

Thanks in advance.
Best Regards.

* *

*============================*

*Dr. Leonardo Straniero*

CRS - Corporate Research

TXT e-Solutions SpA

c/o Tecnopolis N.O.

Strada Prov. per Casamassima Km 3

70010 Valenzano (BA) - Italy

------------------------------------------------------------------------

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- RE: [higgins-dev] How specify the authentication method in the Relying Party Security Policy
  - From: Leonardo Straniero

References:
- [higgins-dev] How specify the authentication method in the Relying Party Security Policy
  - From: Leonardo Straniero

Prev by Date: [higgins-dev] How specify the authentication method in the Relying Party Security Policy
Next by Date: RE: [higgins-dev] How specify the authentication method in the Relying Party Security Policy
Previous by thread: [higgins-dev] How specify the authentication method in the Relying Party Security Policy
Next by thread: RE: [higgins-dev] How specify the authentication method in the Relying Party Security Policy
Index(es):
- Date
- Thread

Breadcrumbs