Setting up a quick & dirty STS which supports smartcard backed managed cards… using Zermatt | CloudIdentity

Long ago, folks knew that getscope had a inbound-token-validation design purpose. Of course it doesn’t really show till you do async  methods. Only then do u get the handle on the full “scope” : that in tge given rst and that in the (multiple) operation context -extensions- -extensions-that behaviors may have established.

You might set the rp cert (for token encryption) based on a behaviour that looked at the client cert of the transporting channel … and its root certs.  … driving thereby cert selection based on both audience name and the country authenticating the transport channel’s cert.

Hmm. 2008. Piv cards. National id. Zermatt…


About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in coding theory. Bookmark the permalink.