Sam,
This reply was very helpful to get a better understanding of the trust router model.
I did pluck out one thing around the entity ID and community of interest and how it's they who decide entity IDs and it got me thinking about what the value of the community is. To me, this is the leap of faith trust area and something like SAML metadata helps identify a community and assist with that first leap -- those in the metadata are a particular community and by being there have passed some form of trust verification out of band on behalf of all users in the community. This community sits on top of the trust router fabric so to speak.
Without such, why would I trust any given point even if it was secure end to end? To me there must be a place to anchor or pivot my decision or such a decision on my behalf. I also think that using SSL certs as the only anchor has shown some chinks in the armor on that path and would like to hear more about how communities are represented and managed/implemented/formed.
Thanks again for a good overview
Chris
/mobile
On Feb 9, 2013, at 6:57 AM, "Sam Hartman" <[log in to unmask]> wrote:
> The entity ID for each service is up to the community of interest.