...
The discussion then turned to the specific attributes that will be passed on login and validation. Below is a transcription of the whiteboard:
----------------------------------------------------------------
Login:
    what authn is okay?
    gateway? renew? remote user? auth types (cert, kerb, etc.)?
    "service"

Validate: "opt into same"
    /samlValidate
    POST
    SAML Request:
        ticket
        what attributes are desired?
        [access control] rule
    SAML Response:
        netid, renew, "service",
        how, attribs, perms (boolean) [access control rule satisfied?],
        PGT
----------------------------------------------------------------
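To make the whiteboard's login/validate exchange concrete, here is an added Python model of it (illustration only, not code from the meeting or from the CAS project). It is an assumption-laden sketch: the names LoginRecord, LoginPolicy, SamlValidateRequest, SamlValidateResponse, saml_validate and run_exchange are invented for this example, the SAML XML wire format is abstracted into plain objects, and the ticket registry contents are constructed sample data. It follows the whiteboard's split: the service states at login which authentication is acceptable (gateway, renew, remote user, auth types), opts into the same policy at /samlValidate, sends the ticket plus the attributes it wants and an access control rule, and gets back netid, renew, service, how (the auth type used), the released attributes, a boolean perms and the PGT.

```python
"""Model of the login/validate attribute flow sketched on the whiteboard.

Hypothetical illustration: every name here is an assumption, not the CAS
project's own code, and the SAML XML wire format is abstracted into plain
Python objects.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class LoginRecord:
    """What the login step recorded for a service ticket."""
    netid: str
    service: str
    how: str             # auth type used: "cert", "kerb", "password", ...
    renew: bool          # did the user re-present credentials?
    remote_user: bool    # did the login arrive via gateway / REMOTE_USER?
    attributes: Dict[str, object]
    pgt: Optional[str] = None  # proxy-granting ticket, if one was issued


@dataclass(frozen=True)
class LoginPolicy:
    """Answers to 'what authn is okay?' on the whiteboard."""
    allowed_auth_types: frozenset
    require_renew: bool = False
    allow_gateway: bool = True


@dataclass
class SamlValidateRequest:
    """The POST to /samlValidate: ticket, desired attributes, access rule."""
    ticket: str
    service: str
    desired_attributes: Tuple[str, ...]
    access_rule: Callable[[Dict[str, object]], bool]
    policy: LoginPolicy  # "opt into same": the service re-asserts its login policy


@dataclass
class SamlValidateResponse:
    """Fields listed under 'SAML Response' on the whiteboard."""
    ok: bool
    reason: str = ""
    netid: Optional[str] = None
    renew: Optional[bool] = None
    service: Optional[str] = None
    how: Optional[str] = None
    attribs: Dict[str, object] = field(default_factory=dict)
    perms: Optional[bool] = None   # was the access control rule satisfied?
    pgt: Optional[str] = None


def saml_validate(registry: Dict[str, LoginRecord],
                  req: SamlValidateRequest) -> SamlValidateResponse:
    """Server side of the exchange. The ticket is consumed on first use."""
    rec = registry.pop(req.ticket, None)
    if rec is None:
        return SamlValidateResponse(False, "unknown or already-used ticket")
    if rec.service != req.service:
        return SamlValidateResponse(False, "ticket was issued to a different service")
    # The service's login policy is checked again at validation time.
    if rec.how not in req.policy.allowed_auth_types:
        return SamlValidateResponse(False, f"auth type {rec.how!r} not acceptable")
    if req.policy.require_renew and not rec.renew:
        return SamlValidateResponse(False, "renew required but credentials were not re-presented")
    if not req.policy.allow_gateway and rec.remote_user:
        return SamlValidateResponse(False, "gateway/REMOTE_USER logins not accepted")
    # Release only the attributes the service asked for...
    attribs = {k: rec.attributes[k] for k in req.desired_attributes if k in rec.attributes}
    # ...but evaluate the access control rule over everything the login knows.
    perms = bool(req.access_rule(rec.attributes))
    return SamlValidateResponse(True, "", rec.netid, rec.renew, rec.service,
                                rec.how, attribs, perms, rec.pgt)


def constructed_registry() -> Dict[str, LoginRecord]:
    """Constructed sample data standing in for the ticket registry."""
    return {
        "ST-1-example": LoginRecord(
            netid="jdoe", service="https://app.example.edu/", how="kerb",
            renew=False, remote_user=False,
            attributes={"affiliation": "staff", "dept": "library",
                        "mail": "jdoe@example.edu"},
            pgt="PGT-1-example"),
        "ST-2-example": LoginRecord(
            netid="asmith", service="https://app.example.edu/", how="password",
            renew=False, remote_user=True,
            attributes={"affiliation": "student", "dept": "physics"}),
    }


def run_exchange(ticket: str, registry: Dict[str, LoginRecord]) -> SamlValidateResponse:
    """Build the request a service would POST for `ticket` and validate it."""
    req = SamlValidateRequest(
        ticket=ticket, service="https://app.example.edu/",
        desired_attributes=("affiliation", "dept"),             # "mail" is not requested
        access_rule=lambda a: a.get("affiliation") == "staff",  # the [access control] rule
        policy=LoginPolicy(allowed_auth_types=frozenset({"cert", "kerb"})))
    return saml_validate(registry, req)


if __name__ == "__main__":
    reg = constructed_registry()
    print(run_exchange("ST-1-example", reg))
    print(run_exchange("ST-1-example", reg))   # replay: ticket already consumed
    print(run_exchange("ST-2-example", reg))   # password login not acceptable to this service
```

Two design points the whiteboard leaves implicit are made explicit here: the ticket is single-use, so a replayed validation fails even though the first one succeeded, and the attributes released to the service are filtered to the ones it asked for, while the access control rule is still evaluated over the full login record.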
The discussion then turned to a local "strong" PKI database. For a PKI to be secure and useful, certificates must be issued by a trusted source that actually verifies recipients and does not hand out certificates carelessly.