On 11-Feb-06, at 3:17 PM, Eric Rescorla wrote:

> When the user contacts the Membersite (1), it responds with a web
> page prompting the user to enter the URL of its Homesite (2). The
> user then enters the Homesite URL (3).

Actually, we call it the Homesite Path. The user provides it, so it may
not be a well-formed URL, so we say Path and encourage the
Membersite to turn it into a URL, e.g. yahoo.com -> http://yahoo.com/

> The Membersite contacts the
> Homesite (4,5) to determine whether the Homesite can provide the
> appropriate kind of authentication.

Capability, rather than authentication. Yes, a capability could be
a means of authentication, i.e. MS wants a HS that can perform
authentication with a Foo-Bar-Baz 2-factor device.

> If it can, the Membersite
> sends the client a redirect (6) (using Javascript) to the
> Homesite. In some way that's not entirely clear

True.

> the Homesite
> validates the request and returns a ticket to the Client (8).
> The Client then (via Javascript?) sends the ticket to the
> Membersite (9). The Membersite contacts the Homesite with
> a digest of the ticket in order to confirm its validity (10).
> If the Homesite says it's OK (11), the Membersite returns OK
> to the Client (12).

Not sure it's a Ticket, but... the HS sends a message digest
and a signature that is a digest of the message digest and
a HS secret... if that's a ticket then yes.

The MS sends both the digest and the signature to the HS
for verification.

John



>   Client                       Membersite                    Homesite
>
> 1 Hello -------------------------->
> 2       <------- Enter homesite URL
> 3 Homesite URL ------------------->
> 4                                  Get capabilities ---------->
> 5                                         <------------- Capabilities
> 6       <------ Redirect to Homesite
> 7 Get Ticket-------------------------------------------------->
> 8       <----------------------------------------------------- Ticket
> 9 Ticket ------------------------->
> 10                               Verify ticket -------------->
> 11                               <-----------------------  Ticket OK
> 12      <------------------------ OK

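The twelve-step exchange above, with John's correction that the "ticket" is a message digest plus a signature over it made with a Homesite secret, as an added Python simulation that is not part of this thread or of any DIX implementation. The Homesite Path normalisation rule, the capability table, HMAC-SHA256 as the concrete signature construction and the one-time-use check on verification are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed Homesite (HS) state for the simulation: not from the thread.
HS_SECRET = secrets.token_bytes(32)
HS_CAPABILITIES = {"auth": ["password", "foo-bar-baz-2fa"]}
HS_ISSUED = {}  # message digest -> signature, so a ticket verifies once only

def homesite_path_to_url(path: str) -> str:
    """Step 3: turn the user-typed Homesite Path into a URL, e.g. yahoo.com -> http://yahoo.com/."""
    p = path.strip()
    if "://" not in p:
        p = "http://" + p
    u = urlparse(p)
    if not u.netloc:
        raise ValueError("homesite path has no host")
    return f"{u.scheme}://{u.netloc}{u.path or '/'}"

def hs_get_capabilities() -> dict:
    """Steps 4/5: the Membersite asks which capabilities the Homesite offers."""
    return HS_CAPABILITIES

def ms_capability_ok(kind: str, value: str, caps: dict) -> bool:
    """Membersite decision: only redirect if the Homesite has the required capability."""
    return value in caps.get(kind, [])

def hs_issue_ticket(message: bytes) -> tuple:
    """Steps 7/8: ticket = message digest + signature (HMAC over the digest with the HS secret; assumption)."""
    digest = hashlib.sha256(message).hexdigest()
    signature = hmac.new(HS_SECRET, digest.encode(), hashlib.sha256).hexdigest()
    HS_ISSUED[digest] = signature
    return digest, signature

def hs_verify_ticket(digest: str, signature: str) -> bool:
    """Steps 10/11: MS forwards digest and signature; HS recomputes, compares in constant time, retires the ticket."""
    expected = hmac.new(HS_SECRET, digest.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False
    return HS_ISSUED.pop(digest, None) is not None

def run_flow(homesite_path: str, message: bytes, required=("auth", "foo-bar-baz-2fa")) -> str:
    """Steps 1-12 end to end, returning the Membersite's final answer to the client."""
    homesite_path_to_url(homesite_path)                         # 3: MS normalises the path
    if not ms_capability_ok(*required, hs_get_capabilities()):  # 4, 5
        return "no-capability"
    digest, signature = hs_issue_ticket(message)                # 6-8: redirect, ticket back to client
    return "OK" if hs_verify_ticket(digest, signature) else "ticket-rejected"  # 9-12
```

A replayed or tampered ticket is rejected at step 11, which is the check the Membersite is relying on the Homesite to make.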

_______________________________________________
dix mailing list
https://www1.ietf.org/mailman/listinfo/dix