SSO authentication: a new approach
Ray Plante
rplante at ncsa.uiuc.edu
Thu Mar 10 10:45:06 PST 2005
On Thu, 10 Mar 2005, Guy Rixon wrote:
> Your weak certficates: how does a receiving service distinguish them from a
> strong certficate? Do they have a different CA?
Yes. And the name of the weak CA explicitly features the word "Weak" in
it. Applications then may choose whether to trust this CA depending on
their security needs. See document for details. An important point of
the weak cert is to avoid the pain-in-the-ass processes we have now when
it isn't needed, but to be compatible with it when it is.
cheers,
Ray
More information about the grid
mailing list