Subject: Re: [saml-dev] saml Subject
Hi,

> A) NameIdentifier - There's a standard URI reference (like
> #emailAddress) describe the format of an LDAP DN? If not, can I define
> one without go out of specification boundary?

SAML spec (cs-sstc-core-01) 2.4.2.2 says,

"... The interpretation of the NameQualifier, and NameIdentifier's content in the case of a Format not specified in this document, are left to individual implementations."

So, you can define the format of an LDAP DN as, for example, "urn:ietf:rfc:2253"

> B) The element SubjectConfirmation could have the ConfirmationMethod as
> a sort of "LDAPBind" and SubjectConfirmationData as the password?

Yes, see 2.4.3.3. However the AuthenticationAssertion is not data to authenticate a subject but data proving the subject in the assertion is authenticated. So it might be inadequate that SubjectConfirmationData includes password itself.

Regards,

----------------------------------------------
NTT Data Corporation
Yuji Sakata
E-Mail: sakatayu@nttdata.co.jp
----------------------------------------------
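
The two points of this reply, as an added example that is not part of the original message: a relying party that recognises the privately agreed Format URI parses the NameIdentifier as an RFC 2253 DN, and flags a SubjectConfirmationData that carries a bind password. The SAML 1.0 namespace, the `urn:example:cm:ldap-bind` method URI and the sample Subject are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: SAML 1.0 assertion namespace; the draft cited in the mail may differ.
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
LDAP_DN_FORMAT = "urn:ietf:rfc:2253"           # private convention suggested in the reply
LDAP_BIND_METHOD = "urn:example:cm:ldap-bind"  # hypothetical stand-in for "LDAPBind"
RDN_RE = re.compile(r"([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)=.+", re.S)

# Constructed sample Subject (not from a real deployment).
SAMPLE = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:NameIdentifier Format="urn:ietf:rfc:2253"
      NameQualifier="ldap.example.com">cn=Doe\\, Jane,ou=People,dc=example,dc=com</saml:NameIdentifier>
  <saml:SubjectConfirmation>
    <saml:ConfirmationMethod>urn:example:cm:ldap-bind</saml:ConfirmationMethod>
    <saml:SubjectConfirmationData>s3cret</saml:SubjectConfirmationData>
  </saml:SubjectConfirmation>
</saml:Subject>"""

def split_dn(dn):
    """Split an RFC 2253 DN into RDNs, honouring backslash escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i:i + step])  # an escaped pair is copied as one unit
        i += step
    rdns.append("".join(cur).lstrip())
    if not all(RDN_RE.fullmatch(r) for r in rdns):
        raise ValueError("not an RFC 2253 DN: %r" % dn)
    return rdns

def inspect_subject(xml_text):
    """Interpret the name by its Format; for untrusted input parse with defusedxml."""
    subj = ET.fromstring(xml_text)
    nid = subj.find(SAML + "NameIdentifier")
    out = {"format": nid.get("Format"), "rdns": None, "findings": []}
    if out["format"] == LDAP_DN_FORMAT:  # only meaningful to parties that agreed on it
        out["rdns"] = split_dn((nid.text or "").strip())
    for conf in subj.iter(SAML + "SubjectConfirmation"):
        method = (conf.findtext(SAML + "ConfirmationMethod") or "").strip()
        data = conf.find(SAML + "SubjectConfirmationData")
        if method == LDAP_BIND_METHOD and data is not None and (data.text or "").strip():
            out["findings"].append("SubjectConfirmationData carries a bind credential")
    return out
```
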