[higgins-dev] Re: R-Card Authentication




On 7/8/09 10:55 AM, "Markus Sabadello" <markus.sabadello@xxxxxxxxx> wrote:

Hello,

Yes, I was working on this.

[1] sounds ok to me. Somehow I still like to think that an embedded XRD is just another kind of UDI, like a URI, XRI, etc; but I guess that's an implementation detail.

## Please propose some edits to what I’ve written. I wasn’t trying to innovate here. (Also, I assume you’re still okay with the rename we did of resource-udi to resource-udr?).

The UDI Resolution Spec (http://www.azigo.com/udi/udi-resolution.html) says that an optional output of UDI Resolution is one or more "Authentication Material Types" and shows some example XRDs. The corresponding Higgins component (http://wiki.eclipse.org/Org.eclipse.higgins.idas.udi) implements this.

## Hmm.. Seems to me that the XRD might NOT contain the auth materials strictly speaking, but just some context metadata and a description of the auth scheme.

And I created this page a while ago: http://wiki.eclipse.org/Authentication_Materials. I think we should drop [3] and link to that page instead. It lists identifiers for Authentication Material Types that correspond to the actual classes that we currently have in IdAS. Currently those identifiers are not a superset of the m-card authentication identifiers, because strictly speaking they really are for "IdAS authentication", not "r-card authentication".

## Please update the page to drop [3] as you suggest.

The "implied" type (which we used to call "SSO") could be anything. The idea was that whoever is resolving the UDI (e.g. a Selector) must already know what Authentication Materials to use (e.g. the username/password with which the Selector is signed in to the I-Card-Service).

## Agreed.

Regarding serialization of Authentication Materials ([4]), hmm yes I was working on this too, but I'm afraid it isn't done yet. There has been discussion whether this serialization should be centrally defined or left to the applications that use it (IDS / XDI CP).

Markus

On Tue, Jul 7, 2009 at 5:24 AM, Paul Trevithick <ptrevithick@xxxxxxxxx> wrote:
Markus,

I updated [1] based on where we all ended up with the resource-udr [2] claim. Namely, that it is either an Entity UDI or an inline XRD.

I revised [3] as well. Please review. I’ve embedded a question about [3] in the text. I’m not sure if I understand the “SSO” scheme correctly.

Didn’t you make some progress on [4], BTW? Or am I dreaming?

--Paul


[1] http://wiki.eclipse.org/R-Card#RP_Authentication_Scheme_Discovery
[2] http://wiki.informationcard.net/index.php/Claim_Catalog?#resource-udr (thanks for making this resolve, BTW!)
[3] http://wiki.eclipse.org/R-Card#Authentication_Scheme_Types
[4] http://wiki.eclipse.org/R-Card#IdAS_Layer


