Setting up a quick & dirty STS which supports smartcard backed managed cards… using Zermatt | CloudIdentity

Long ago, folks knew that GetScope had an inbound-token-validation design purpose. Of course it doesn’t really show till you do async methods. Only then do you get a handle on the full “scope”: that in the given RST and that in the (multiple) operation context extensions that behaviors may have established.

You might set the RP cert (for token encryption) based on a behavior that looked at the client cert of the transporting channel … and its root certs … thereby driving cert selection based on both the audience name and the country authenticating the transport channel’s cert.
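A sketch of that selection inside a GetScope override, added here as an illustration and not code from the original post. It assumes the WIF 1.0 (`Microsoft.IdentityModel`) type names that Zermatt later shipped under; `ClientCertCountryExtension`, `CountryAwareSts` and the `audience|country` certificate map are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;

// Hypothetical extension: a service behavior attaches it after validating the transport
// client cert chain and reading the country (C=) of the root that chain ended in.
public sealed class ClientCertCountryExtension : IExtension<OperationContext>
{
    public string RootCountry { get; set; }
    public void Attach(OperationContext owner) { }
    public void Detach(OperationContext owner) { }
}

public class CountryAwareSts : SecurityTokenService
{
    // Assumed map, loaded from configuration: "audience|country" -> RP encryption cert.
    private readonly IDictionary<string, X509Certificate2> rpCerts;

    public CountryAwareSts(SecurityTokenServiceConfiguration config,
        IDictionary<string, X509Certificate2> rpCerts) : base(config)
    {
        this.rpCerts = rpCerts;
    }

    protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
    {
        // First half of the scope: the audience named in the RST.
        if (request.AppliesTo == null)
            throw new InvalidRequestException("AppliesTo (audience) is required.");
        string audience = request.AppliesTo.Uri.AbsoluteUri;
        // Second half: state a behavior left on the operation context.
        var ext = OperationContext.Current.Extensions.Find<ClientCertCountryExtension>();
        X509Certificate2 rpCert;
        // Fail closed: no country, or no cert for this (audience, country) pair, means no token.
        if (ext == null || string.IsNullOrEmpty(ext.RootCountry) ||
            !rpCerts.TryGetValue(audience + "|" + ext.RootCountry, out rpCert))
            throw new InvalidRequestException("No encryption cert for this audience and country.");
        var scope = new Scope(audience, SecurityTokenServiceConfiguration.SigningCredentials);
        scope.EncryptingCredentials = new X509EncryptingCredentials(rpCert);
        return scope;
    }

    protected override IClaimsIdentity GetOutputClaimsIdentity(
        IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        return new ClaimsIdentity(); // Claim issuance is outside what this example shows.
    }
}
```

Refusing the request when no certificate matches keeps the STS from silently falling back to a default key or to an unencrypted token.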

Hmm. 2008. PIV cards. National ID. Zermatt…



