Subject: RE: [dss] Authentication Token
Trevor, Ed, et al

I have a slight preference for different names for the two elements as Trevor suggests. Though I would find either acceptable.

Also, keeping with current saml:NameIdentifierType syntax is fine, just wanted to check that this has no hidden gotcha.

Nick

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 28 October 2004 07:17
> To: dss@lists.oasis-open.org
> Subject: RE: [dss] Authentication Token
>
>
> At 12:46 PM 10/27/2004 -0400, Ed Shallow wrote:
> >[...]
> > I do not think that the subtle semantic difference between
> > ClaimedIdentity (now with SupportingInfo) and RequesterIdentity (always
> > had SupportingInfo) is worth distinct and separate naming.
>
> I like your previous proposal better. RequesterIdentity and
> ClaimedIdentity have pretty different functions:
> - RequesterIdentity goes in signature, says "this guy requested the
>   signature be produced (and here's other public info about him)"
> - ClaimedIdentity goes in protocol, says "I'm requesting a signature be
>   produced (and here's other data about me which proves my identity and
>   proves I assent to this request)"
>
> The supporting info has very different roles - in the 1st case, it's public
> (e.g. a certificate), in the latter case, it may be private and tied to the
> protocol request (e.g. a signature, PSTP signature, MAC, etc.).
>
> So I think making the structures similar but not identical, like you first
> proposed, is the best approach.
>
> Trevor