> Actually there are various proprietary mechanisms for forwarding the
> challenge and response to an authentication server, but nothing that is
> standardised. But I think there are better solutions (e.g. authenticate to
> IdP using DIGEST and then present assertion to SP; not sure if that's what
> you were proposing here).
Yes, that's what I was proposing, although probably not with DIGEST unless
something like you're suggesting to forward material between the IdP and the
authentication server were used, I suppose.
-- Scott
|