security-services message



Subject: Re: [security-services] Proposed clean up on subject text


I can see I have fallen behind (perhaps further as I try to catch up).

Anyway, the following sounds good to me

>"the relying party can treat the entity presenting the assertion as an
>entity that the SAML authority has associated with the entity identified in
>the name identifier and associated with the claims in the assertion (which
>may or may not be the same entity)."
>
and as I recently commented, I think we should view an assertion without
SC elements as a case where the authority is not being authoritative for
who is authorized to use the assertion.

Ron

Philpott, Robert wrote:

>>>I also think we should call out what it means if there are no
>>>confirmations in the <Subject> (e.g. it is considered confirmed
>>>by presentation).
>>>
>>I thought no confirmation was equivalent to "unspecified", rather than
>>"bearer" (but I agree, we could say this).
>>
>[RSP] I agree with Scott.  Parties could potentially agree on
>out-of-band mechanisms of confirmation that aren't conveyed in the
>assertion subject.  The OOB mechanism could be something other than
>bearer.  Lacking an OOB agreement, I agree that bearer would probably be
>the default.
>
>>I still wouldn't mind adding a small subphrase about the claims:
>>
>>"the relying party can treat the entity presenting the assertion as an
>>entity that the SAML authority has associated with the entity identified
>>in the name identifier and associated with the claims in the assertion
>>(which may or may not be the same entity)."
>>
>[RSP] Four uses of the word "entity" make this a bit confusing,
>especially since the referenced entities are not always referring to the
>same entity.