Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[higgins-dev] How to determine, as an RP, security token procedence
Hello all,

I know that maybe this is not an iCard normal scenario, since RP should not know anything about who made the token but... there is any way that could allow RP to know that a token comes from a trusted IdP? I guess that it should exist any way to do it because depending of the procedence the token may be more or less trustable...

I don't think that this has something to do with appliesTo, since that parameter will send IdP certificate through the net and this would trash almost all anonymity between RP and IdP. I would like a method to know that the token is reliable and not to know directly who issued it.

Thanks for any help you can give me :)

Regards,
---
David Campos
Safelayer Secure Communications
DMAG UPC Researcher

Back to the top