John Merrells wrote: > An identity information exchange should involve just three parties: the > user, their agent, and a relying party. The user’s agent is where they > authenticate themselves and a repository where they store their identity > information, and the relying party is an entity requesting identity > information.
This seems overly prescriptive. In particular, it would appear to exclude any kind of temporary certificate. It also excludes proxies. Oh, and the case where authentication occurs elsewhere. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
