Re: [plasma] URL of identity provider in plasma response

"Jim Schaad" <jimsch@nwlink.com> Thu, 05 July 2012 17:33 UTC

From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Alan Borland'" <alan.b.borland@googlemail.com>, <plasma@ietf.org>
Date: Thu, 5 Jul 2012 10:32:28 -0700

That is an interesting idea, and one that we should look at.  I was not at
the meeting in Reston.  Currently it will return the set of attributes that
are required to the requestor, but not a set of attribute authorities. 

 

jim

 

From: plasma-bounces@ietf.org [mailto:plasma-bounces@ietf.org] On Behalf Of
Alan Borland
Sent: Thursday, July 05, 2012 3:09 AM
To: plasma@ietf.org
Subject: [plasma] URL of identity provider in plasma response

 

(resend)

 

At our meeting in Reston I thought it was described how a client could send
a Plasma Request without an Authentication element.  In this case the Plasma
Server would return a Plasma Response to the client containing the URL of
the Identity Provider (adfs) to authenticate with.  The client must then
authenticate with the Identity Provider and re-submit the Plasma Request
with the completed Authentication element (including the assertion returned
by adfs).  However, I can't find any of this described in the draft RFCs - Is
this yet to be described or have I misunderstood something?

 

Alan.