IETF Logo Mail Archive

Re: review of draft-wierenga-ietf-sasl-saml-00

Klaas Wierenga <klaas@cisco.com> Thu, 27 May 2010 12:34 UTC

Return-Path: <klaas@cisco.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A38E3A6AA3 for <kitten@core3.amsl.com>; Thu, 27 May 2010 05:34:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.972
X-Spam-Level:
X-Spam-Status: No, score=-7.972 tagged_above=-999 required=5 tests=[AWL=2.627, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VRW2cm8vW+ib for <kitten@core3.amsl.com>; Thu, 27 May 2010 05:34:26 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id 44F723A68B3 for <kitten@ietf.org>; Thu, 27 May 2010 05:34:26 -0700 (PDT)
Authentication-Results: ams-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AuYBAA8E/kuQ/uCWe2dsb2JhbACeGxUBARYiBhymSpoYhRMEj1g
X-IronPort-AV: E=Sophos;i="4.53,311,1272844800"; d="scan'208";a="61900128"
Received: from ams-core-1.cisco.com ([144.254.224.150]) by ams-iport-1.cisco.com with ESMTP; 27 May 2010 12:34:15 +0000
Received: from macmini.wierenga.net (ams-kwiereng-8711.cisco.com [10.55.220.242]) by ams-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o4RCYEVw018481; Thu, 27 May 2010 12:34:14 GMT
Message-ID: <4BFE66C6.6060108@cisco.com>
Date: Thu, 27 May 2010 14:34:14 +0200
From: Klaas Wierenga <klaas@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Scott Cantor <cantor.2@osu.edu>
Subject: Re: review of draft-wierenga-ietf-sasl-saml-00
References: <tslzkzn67n5.fsf@mit.edu> <077001cafc4b$603f0510$20bd0f30$@osu.edu> <4BFD2ECE.5020600@cisco.com> <07e801cafce5$4cf7f7b0$e6e7e710$@osu.edu> <4BFD414A.7070002@cisco.com> <07f301cafceb$d9244f30$8b6ced90$@osu.edu>
In-Reply-To: <07f301cafceb$d9244f30$8b6ced90$@osu.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: kitten@ietf.org, moonshot-community@jiscmail.ac.uk, 'Sam Hartman' <hartmans-ietf@mit.edu>, draft-wierenga-ietf-sasl-saml@tools.ietf.org
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2010 12:34:28 -0000

On 5/26/10 5:55 PM, Scott Cantor wrote:
>> right, but that than comes at the expense of more complex SASL
>> interaction, i.e. you are going to send the AuthenticationStatement as a
>> response to the AuthentionRequest challenge over SASL, right?
>
> It's a SAML Response (the statement is well buried), but why is that more
> complex than an empty response, running a web server to handle a SSO
> response, and then making a callback?
>
> I think it's a much simpler flow. Request, Response.
>
> I'm coming at this with probably insufficient SASL knowledge, though I'm
> trying to rectify that. Maybe I'm missing something.

No sorry, what I meant to say is that at the client it is easier to do 
"please open a browser with the following url" as opposed to "here is a 
saml assertion, deal with it and send me back your 
AuthenticationStatement", for the SASL interaction it is not more 
difficult indeed.

Klaas

v2.23.0 | Report a Bug | By Email