Of course ultimately this is not scalable nor manageable. I believe Internet 2 are working on a distributed metadata model where everyone can assert their own metadata, self sign it, and manage it. Recipients then will need to configure their own trust rules for who they trust to assert what (which is what PERMIS does today :-)

regards

David

Krzysztof Benedyczak wrote:
Chad La Joie wrote:
Metadata is not currently self-asserted. So it's not the IdP that defines its metadata. It's the federation that is ultimately responsible for it. So, you have a third-party there vouching that the scope is appropriate for the IdP. So, if you trust that third-party you're good.

OK, now everything is clear.
Thanks for the explanations!
Best regards
Krzysztof

--
ogsa-authz-wg mailing list
ogsa-authz-wg@ogf.org
http://www.ogf.org/mailman/listinfo/ogsa-authz-wg
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************