RE: Using hardware based certificates
- Subject: RE: Using hardware based certificates
- From: "Beatty, Daniel D CIV NAVAIR, 474300D" <email@hidden>
- Date: Fri, 6 Nov 2009 14:34:05 -0800
- Thread-topic: Using hardware based certificates
Greetings Asa,
Oh, I never said that I was going to create it. I was hoping to spawn little elves that Santa Claus missed and have them put it together. Of course, Santa Claus and some guys at Apple are faster than me. Hopefully Apple makes those elves make a SAML2 framework for us. It would be a great Christmas gift.
I can't say I have tried Wakame. How is it? Have you tried to incorporate it into WO?
From what I can see with Shibboleth, one would set the IdP in its own standalone corner and let it service the other WO apps. The WO apps would themselves follow the principles of the Shibboleth Service Provider.
In any case, yes, I am talking about a SAML2 WO framework.
Later,
Daniel Beatty
Computer Scientist, Detonation Sciences Branch
Code 474300D
2400 E. Pilot Plant Rd. M/S 1109
China Lake, CA 93555
email@hidden
(760)939-7097
-----Original Message-----
From: Asa Hardcastle [mailto:email@hidden]
Sent: Friday, November 06, 2009 12:33
To: Beatty, Daniel D CIV NAVAIR, 474300D
Cc: Cheong Hee (Gmail); email@hidden
Subject: Re: Using hardware based certificates
Hi Daniel, Cheong, and Travis,
> Instead of reproducing the Shibboleth IdP with a WO app, it might be
> better to have a WO framework that simply cooperates with and uses that
> IdP. To my knowledge, Amazon, Google, iTunes U and a few other
> companies have adopted the standard on which Shibboleth is based,
> SAML2, as their authentication mechanism. Thus the notion for such a WO
> framework is for it to use the IdP for the different Virtual Service
> Providers that are out there.
What you are talking about is creating a WebObjects SAML2 SP framework that is compatible with the Shibboleth IdP. This would be fantastic, and I would be very interested in working on it. It would be an excellent alternative to OpenID and provide true SSO and attribute exchange that could be trusted in high security/privacy environments. One of the things that I do in my non-WebObjects capacity is development of an open source ID-WSF 2.0 client library (openliberty.org) called Wakame. Wakame is focused on identity-based transactions from server to server in a federated environment at the web services level. My work is built on top of the XMLTooling, SAML2, and WS libraries that are the basis for the Java version of Shibboleth, so I have some experience with the tooling environment.
later,
Asa
>
> Anyhow, just a thought. I don't know if there is a suggestion box,
> but this would be a great thing for the crew at Apple to weigh in on.
> In my humble opinion, it would make for a great framework for the
> community at large, and Apple has a lot of play on this.
>
> Later,
> Daniel Beatty
> Computer Scientist, Detonation Sciences Branch Code 474300D 2400 E.
> Pilot Plant Rd. M/S 1109 China Lake, CA 93555 email@hidden
> (760)939-7097
>
>
> -----Original Message-----
> From: webobjects-dev-bounces+daniel.beatty=email@hidden
> [mailto:webobjects-dev-bounces+daniel.beatty=email@hidden
> ] On Behalf Of Cheong Hee (Gmail)
> Sent: Thursday, November 05, 2009 20:26
> To: email@hidden
> Subject: RE: Using hardware based certificates
>
> Hi Daniel
>
> Appreciate the feedback and help to keep the interest. IIRC someone asked
> about a similar subject before, but there was not much follow-through. Maybe this is
> a non-WO-related issue; however, hopefully a generic framework for WO
> could be derived from it as you suggested.
>
> For the past few years, I have spent some thought on marrying [browser +
> smartcard] together during smart card personalization. Should I say,
> the personalization process is the core process in a smart card
> implementation. If you know how the data is being "written" securely
> into the card, reading will be at ease.
> Else, challenging or challenging!!! If you have heard about Datacard
> Affina or Platform7 (nope... not the one in the Transformers movie) SCLM, you know
> what I meant.
>
> If I got it right, Travis is looking into a card that has been
> personalized with a certificate. The first hurdle I thought Travis was
> asking about was access to the smart card / reader from the browser. I suppose
> it could be done using some kind of JavaScript variant; correct me if
> I'm wrong. Once this is done, the rest will be pretty much the
> individual case of challenge-response. Did a quick Google: Shibboleth
> is a single sign-on server; curious if it provides a
> method to access a smart card via the browser. It is easier in .NET, but
> then it limits the solution.
>
> Cheers
>
> Cheong Hee
>
>> Greetings Travis and Cheong,
>> True, those are good guides, especially in the PKI lingo world.
>> Although, in his case there may be a simpler solution. Since he is working
>> with the Air Force, and I myself with the Navy, I suggest that he and I
>> collaborate on this project and that he call me to set something up.
>>
>> I have noticed the same thing in academia as well, thus we should
>> target a framework that handles this kind of thing for general public
>> use with standards as open as possible. The best example of such a
>> standard I can think of is Shibboleth out of Virginia Tech. Of course, Apple may be
>> gunning for something similar in its Mobile Access Server, and either way it
>> would be nice to simply have a framework that just uses the service
>> to maximize the benefit for everyone.
>>
>> Later,
>> Daniel Beatty
>> Computer Scientist, Detonation Sciences Branch Code 474300D 2400 E.
>> Pilot Plant Rd. M/S 1109 China Lake, CA 93555 email@hidden
>> (760)939-7097
>>
>
Attachment: smime.p7s (S/MIME cryptographic signature)
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden