[foaf-protocols] client cert validation callbacks, saml bridges, swp tokens (for REST), using microsoft ACS as federation point

peter williams home_pw at msn.com
Mon Mar 7 17:38:05 CET 2011


Webid group members are apparently interested in the confluence of webid
(https cert validation callbacks) and the world of websso (and websso
bridging of one security protocol to another).

 

The URL points to a nice example of a major IDP network requiring the very
first initiator to do validation callbacks for https SERVER certs. (This is
all done in a use case of bridging https security channels from browsers to
various websso channels, at enterprise endpoints (ADFS) and then cloud
endpoints (ACS), as a user is handed-off to an on-premise, lightweight
RESTful webservice.)

 

http://blogs.msdn.com/b/willpe/archive/2010/10/25/windows-authentication-adfs-and-the-access-control-service.aspx

 

Any reason why this "server cert" cannot be subject to webid validation
agent tests?

 

Windows programming folks might want to change the use of the "mixed"
endpoint at the ADFS server in this setup to be one demanding +client+
certification from https. By default, this would cause ADFS to do AD-based
cert validation pingbacks. Might be interesting to learn how in ADFS v2
world to override that setup, and induce it to do webid cert pingbacks
instead. The attributes recovered from the foaf card would then be
delivered to swp-capable rest services using the various websso handoffs.

 
