Cross logins

Anne & Lynn Wheeler lynn at garlic.com
Fri Aug 5 16:37:29 EDT 2005


James A. Donald wrote:
>     --
> Is it possible for two web sites to arrange for cross 
> logins?
> 
> The goal is that if someone is logged into website 
> https://A.com as user127, and then browses to 
> https://B.com/A_com_registrants, he will be 
> automatically logged in on b.com as user127 at A.com

project athena was being funded to the tune of $50m split between dec
and ibm. my wife and I got to go by periodically and review their
projects. on one of the visits we were on the leading edge of working
out the details of kerberos cross-domain operation.

in the following years ... it turns out that the protocol wasn't the big
issue ... it was establishing the business trust between two independent
organizations (not the protocol issues) ... random past kerberos posts
http://www.garlic.com/~lynn/subpubkey.html#kerberos

however, maybe two years ago, i saw a presentation on a saml
cross-domain deployment ... that went into some details on the message
flows. I happened to observe that the basic message flows looked exactly
like the kerberos cross-domain message flows (dating back to start of
kerberos cross-domain). first, the person doing the presentation was
surprised that anybody in the audience had ever heard of kerberos ...
and then they finally allowed that there might just be a limited number
of ways of doing cross-domain operation.

saml reference:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


