Re: [rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

Simon Perreault <simon.perreault@viagenie.ca> Wed, 06 November 2013 01:45 UTC

Message-ID: <52799EEB.6030203@viagenie.ca>
Date: Tue, 05 Nov 2013 17:44:11 -0800
From: Simon Perreault <simon.perreault@viagenie.ca>
To: rtcweb@ietf.org
References: <CAAJUQMgRqOggVzviMPnvpkwSzYJeEe_1S5K00chdGq-Hghq3Dg@mail.gmail.com> <52795BF0.1020207@makk.es> <CAAJUQMj2_sXtyTf=SugJWA81Ho_+G5WJN4QCfv1Z1FQdZL=Reg@mail.gmail.com> <CABkgnnUJSWz9fqUNSp3+RGyFpHVddXWHq9Y2nMTMUf9n2H798Q@mail.gmail.com> <CAAJUQMjmWsTmvkWDgJeNuocWYAiTerT=P7fMHbXRx6mjfe9DMg@mail.gmail.com> <CABkgnnWv5DkD+hhadhB2juNP+kAzNn2wK895FKVMO_OEohv=MA@mail.gmail.com>
In-Reply-To: <CABkgnnWv5DkD+hhadhB2juNP+kAzNn2wK895FKVMO_OEohv=MA@mail.gmail.com>
Subject: Re: [rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

On 2013-11-05 17:37, Martin Thomson wrote:
> On 5 November 2013 16:36, Wolfgang Beck <wolfgang.beck01@googlemail.com> wrote:
>> I'm not convinced. How would you explain to the user why he has to log in --
>> or select an IdP -- twice? Maybe this is more an API/W3C topic.
>
> As I have said a couple of times already, the user should not have to
> log in more than once.  If that were the case, then that would be a
> problem with the IdP.  The generation of an assertion might require
> login, but validation definitely shouldn't.
>
> It's also possible that you already have a session open with your IdP.
> In that case, you wouldn't necessarily see a login flow at all.

+1

I've been working on IdPs and WebRTC recently, and I also don't see why 
double login would be necessary. Where does this idea come from?

Simon
-- 
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
STUN/TURN server               --> http://numb.viagenie.ca