Subject: Re: [security-services] Proposed clean up on subject text
I can see I have fallen behind (perhaps further as I try to catch up). Anyway, the following sounds good to me:

>"the relying party can treat the entity presenting the assertion as an
>entity that the SAML authority has associated with the entity identified in
>the name identifier and associated with the claims in the assertion (which
>may or may not be the same entity)."

And as I recently commented, I think we should view an assertion without SC elements as a case where the authority is not being authoritative for who is authorized to use the assertion.

Ron

Philpott, Robert wrote:

>>>I also think we should call out what it means if there are no
>>>confirmations in the <Subject> (e.g. it is considered confirmed
>>>by presentation).
>>
>>I thought no confirmation was equivalent to "unspecified", rather than
>>"bearer" (but I agree, we could say this).
>
>[RSP] I agree with Scott. Parties could potentially agree on
>out-of-band mechanisms of confirmation that aren't conveyed in the
>assertion subject. The OOB mechanism could be something other than
>bearer. Lacking an OOB agreement, I agree that bearer would probably be
>the default.
>
>>I still wouldn't mind adding a small subphrase about the claims:
>>
>>"the relying party can treat the entity presenting the assertion as an
>>entity that the SAML authority has associated with the entity identified in
>>the name identifier and associated with the claims in the assertion (which
>>may or may not be the same entity)."
>
>[RSP] four uses of the word "entity" makes this a bit confusing,
>especially since the referenced entities are not always referring to the
>same entity.