[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Need help understanding <SubjectConfirmation>
> Would you help me to understand the purpose of the > SubjectConfirmation element? You should read the errata as well, but SubjectConfirmation is how SAML assertions are turned into "security tokens", by binding them to an actual security technology that allows a client to prove that it is authorized by the SAML authority to act as the subject. In your example, holder of key does not refer to the authority but to the attesting entity. If I prove I hold the key, then I'm authorized to wield the assertion as the subject. That may mean I'm the subject, or if there's an identifier inside the SubjectConfirmation, I'm that entity acting on behalf of the subject. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]