On 5-Jun-06, at 2:42 PM, Eric Rescorla wrote:
I'm still not sure I get what you're saying. Let me see if I can try again looking at the flows of data. OPTION 1: What I take DIX to be doing
Yes, this interaction diagram is correct.
Client IdP Relying Party ------------------------- Service Please ------------> <------------------------- Prove you're over 21-------- <-------Auth exchange ------> <------- Over 21 credential-- <----------------- Auth exchange plus over 21 cred ---->
Assuming that at some point earlier the user acquired an over 21 assertion
from an appropriate authority. Client Identity Agent Authority ------------------------- Service Please ------------> <--- Auth/Verify exchange, maybe even out of band ----> <------- Over 21 credential---------------------------- <--------- Over 21 cred ----> John _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
