[plasma] URL of identity provider in plasma response

Alan Borland <alan.b.borland@googlemail.com> Thu, 05 July 2012 10:08 UTC

Date: Thu, 05 Jul 2012 11:08:36 +0100
Message-ID: <CALtitoZ=VJ0386VN1S3NJ6+aO8QQnabzGZzNG1SwP0352FeqXA@mail.gmail.com>
From: Alan Borland <alan.b.borland@googlemail.com>
To: plasma@ietf.org
Subject: [plasma] URL of identity provider in plasma response
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>


At our meeting in Reston I thought it was described how a client could send
a Plasma Request without an Authentication element.  In this case the
Plasma Server would return a Plasma Response to the client containing the
URL of the Identity Provider (adfs) to authenticate with.  The client must
then authenticate with the Identity Provider and re-submit the Plasma
Request with the completed Authentication element (including the assertion
returned by adfs).  However, I can't find any of this described in the
draft RFCs.  Is this yet to be described, or have I misunderstood something?