Re: Using hardware based certificates
Re: Using hardware based certificates
- Subject: Re: Using hardware based certificates
- From: Asa Hardcastle <email@hidden>
- Date: Fri, 6 Nov 2009 15:32:41 -0500
Hi Daniel, Cheong, and Travis,
Instead of reproducing the Shibboleth IdP with a WO app, it might be
better to have a WO framework that simply cooperates and uses that
IdP. To my knowledge; Amazon, Google, and iTunesU and few other
companies have adopted the standard on which Shibboleth is based,
SAML2, as authentication mechanism. Thus the notion for such a WO
framework is for it use the IdP for different Virtual Service
Providers are out there.
What you are talking about is creating a WebObjects SAML2 SP Framework
that is compatible with Shibboleth IdP. This would be fantastic, and
I would be very interested in working on it. It would be an excellent
alternative to OpenID and provide true SSO and attribute exchange that
could be trusted in high security/privacy environments. One of the
things that I do in my non-webobjects capacity is development of an
open source ID-WSF 2.0 client library (openliberty.org) called
Wakame. Wakame is focused on identity based transactions from server
to server in a federated environment at the web services level. My
work is built on top of the XMLTooling, SAML2, and WS libraries that
are the basis for the java version of Shibboleth - so I have some
experience with the tooling environment.
later,
Asa
Any who, just a thought. I don't know if there is a suggestion box,
but this would be a great thing for the crew of Apple to weigh in
on. In my humble opinion, it would make for a great framework for
the community at large, and Apple has a lot of play on this.
Later,
Daniel Beatty
Computer Scientist, Detonation Sciences Branch
Code 474300D
2400 E. Pilot Plant Rd. M/S 1109
China Lake, CA 93555
email@hidden
(760)939-7097
-----Original Message-----
From: webobjects-dev-bounces+daniel.beatty=email@hidden [mailto:webobjects-dev-bounces+daniel.beatty=email@hidden
] On Behalf Of Cheong Hee (Gmail)
Sent: Thursday, November 05, 2009 20:26
To: email@hidden
Subject: RE: Using hardware based certificates
Hi Daniel
Appreciate feedback and help to keep the interest. IIRC someone
asked similar subject before, but not much follow through. May be
this is non WO related issue, however hopefully a generic framework
for WO could be derived to as you suggested.
For past few years, I spent some thought to marry [browser +
smartcard] together during smart card personalization. Should I
say, personalization process is the core process in smart card
implementation. If you know how the data being "written" securely
into the card, reading will be at ease.
Else, challenging or challenging!!! If you heard about Datacard
Affina or
Platform7 (nope... not the one in Transformers movie) SCLM, you know
what i meant .
If I got it right, Travis is looking into a card that has been
personalized with certificate. The first hurdle I thought Travis
asking was the access to smart card / reader from browser. I
supposed it could be done using some kind of variant Javascript ,
correct me if wrong. Once this is done, the rest will be pretty
much with individual case of challenge-response. Did a quick
google, Shibboleth is a single sign on server, curious if it provides
method to access smart card via browser. It is easier in .NET, but
then it
limits the solution.
Cheers
Cheong Hee
Greetings Travis and Cheong,
True, those are good guides especially in the PKI lingo world.
Although,
in his case there may be a simpler solution. Since he is working
with
the Air Force, and I myself with the Navy I suggest that he and I
collaborate on this project and that he call me to set something up.
I have noticed the same thing in academia as well, thus we should
target a framework that handles this kind of thing for general public
use with as open standards as possible. Best example of such a
standard I can think
of is Shibboleth out of Virginia Tech. Of course, Apple may be
gunning
for something similar in its Mobile Access Server and either way it
would be nice to simply have a framework that just uses the service
to
maximize the benefit for everyone.
Later,
Daniel Beatty
Computer Scientist, Detonation Sciences Branch Code 474300D 2400 E.
Pilot Plant Rd. M/S 1109 China Lake, CA 93555 email@hidden
(760)939-7097
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@zenn.net
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden