That's incredible, and very cool!! <div><br></div><div>I don't know that much about SAML, but it seems like a SAML IdP can use an individual user's key-pair to create an assertion that an RP can use to allow a login (a "signed assertion")?</div>
<div><br></div><div>From TFA: "Then the IdP on the mobile phone creates an SAML assertion and signs the assertion with the private key of the mobile phone".</div><div><br></div><div>OpenID doesn't have the ability to sign assertions like this, does it? </div>
<div><br></div><div><br></div><div><div class="gmail_quote">On Wed, Mar 3, 2010 at 12:03 PM, Paul Madsen <span dir="ltr">&lt;<a href="mailto:paulmadsen@rogers.com">paulmadsen@rogers.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
Hi David, NTT built something like you describe for SAML SSO -
specifically the scenario you list below in #4<br>
<br>
<a href="http://www.projectliberty.org/liberty/content/download/3960/26523/file/NTT-SASSO%20liberty%20case%20study.pdf" target="_blank">http://www.projectliberty.org/liberty/content/download/3960/26523/file/NTT-SASSO%20liberty%20case%20study.pdf</a><br>
<br>
paul<div><div></div><div class="h5"><br>
<br></div></div></div></blockquote></div></div>